
Unable to boot up Windows XP after running Norton Power Eraser


  • This topic is locked
22 replies to this topic

#1 mhakkinen68

mhakkinen68

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:08 PM

Posted 30 April 2015 - 06:18 AM

Installed NPE and my system is basically stuck in an infinite loop. Can't pick start windows normally or start in safe mode (regardless of choice it just generates an infinite loop where I can't exit this screen).

 

Tried following instructions (downloading MBRfix and fixlist.txt into a USB and plugged that USB into the affected computer at bootup) here: http://www.bleepingcomputer.com/forums/t/479411/cant-boot-apparent-norton-power-eraser-issue/ to no avail. Appreciate any advice you folks can render. Thanks. 




 


#2 mhakkinen68

mhakkinen68
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:08 PM

Posted 30 April 2015 - 06:46 AM

Merged topics.  Topic title was: Bestwebnutfunblack: How to remove this? ~ OB
 
I believe my PC is infected with "Bestwebnutfunblack".
 
Please advise how I can remove this?


Edited by Orange Blossom, 01 May 2015 - 01:23 PM.


#3 mhakkinen68

mhakkinen68
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:08 PM

Posted 01 May 2015 - 12:12 AM

Yes, it's the same PC.

 

Anyway, I am now able to boot up my PC, but the adware/spyware still seems to persist.



#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:08 AM

Posted 01 May 2015 - 01:20 PM

Okay, to avoid confusion, I'm going to merge the two topics.  I will edit the topic somewhat after the merging so that it will make sense in the new context.

 

Orange Blossom :cherry:


Edited by Orange Blossom, 01 May 2015 - 01:24 PM.
Topics merged. Will remove this post tomorrow. ~ OB

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,539 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:08 AM

Posted 04 May 2015 - 08:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

#6 mhakkinen68

mhakkinen68
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:08 PM

Posted 07 May 2015 - 09:00 AM

Malwarebytes Application Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/7/2015
Scan Time: 4:05:55 PM
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.07.01
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: user
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332869
Time Elapsed: 5 hr, 13 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

AdwCleaner[S0].txt

 

# AdwCleaner v4.203 - Logfile created 07/05/2015 at 21:36:56

# Updated 30/04/2015 by Xplode
# Database : 2015-05-05.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : user - ACER
# Running from : C:\Documents and Settings\user\My Documents\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\19bb401200007a35
Folder Deleted : C:\Documents and Settings\All Users\Application Data\9847d14c00003946
Folder Deleted : C:\Documents and Settings\All Users\Application Data\{295667b0-4eec-9b22-2956-667b04ee9ec1}
Folder Deleted : C:\Documents and Settings\All Users\Application Data\{cd65db0a-ad1a-0fca-cd65-5db0aad16c2a}
Folder Deleted : C:\Program Files\Faster Chrome Pro
Folder Deleted : C:\Program Files\GroeatSave4U
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\c8430185-909f-6185-4fcf-2e98cbfb362a
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E52324B-66BF-44AE-A8C5-2DB48E90E729}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v42.0.2311.135
 
 
*************************
 
AdwCleaner[R0].txt - [1946 bytes] - [07/05/2015 21:29:22]
AdwCleaner[S0].txt - [1899 bytes] - [07/05/2015 21:36:56]


#7 mhakkinen68

mhakkinen68
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:08 PM

Posted 07 May 2015 - 09:01 AM

FARBAR (all I have is a FSS.txt which is appended below)

 

Farbar Service Scanner Version: 17-01-2015

Ran by user (administrator) on 07-05-2015 at 21:43:16
Running from "C:\Documents and Settings\user\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,539 posts
  • ONLINE
  •  
  • Location:Montreal, QC. Canada
  • Local time:11:08 AM

Posted 08 May 2015 - 06:21 AM

You have submitted the log from the Farbar Service Scanner.

I need to see the logs from this tool.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

How is the computer running?

#9 mhakkinen68

mhakkinen68
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:08 PM

Posted 09 May 2015 - 12:15 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by user (administrator) on ACER on 10-05-2015 01:12:26
Running from C:\Documents and Settings\user\My Documents\Downloads
Loaded Profiles: user (Available profiles: user)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd.exe
(Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [30208 2005-12-08] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [49152 2006-05-19] ()
HKLM\...\Run: [Microsoft Pinyin IME Migration] => c:\Program Files\Common Files\Microsoft Shared\ime12lite\imesc\IMSCMig.exe [38432 2008-04-12] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20118088 2013-01-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard)
HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [212992 2003-06-26] (Hewlett-Packard Company)
HKLM\...\Run: [DXDllRegExe] => dxdllreg.exe
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\...\MountPoints2: G - G:\Startme.exe
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\...\MountPoints2: {469598f1-91c6-11e4-af6f-7427eab3532e} - G:\Startme.exe
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\...\MountPoints2: {9db0be8e-81f7-11e4-af1f-7427eab3532e} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\...\MountPoints2: {b67d2f1f-06b6-11e3-a861-7427eab3532e} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\...\MountPoints2: {e86fb9a9-8450-11e4-af34-7427eab3532e} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-06-19]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-05-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OpenVPN Client.lnk [2014-09-09]
ShortcutTarget: OpenVPN Client.lnk -> C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-sg/?ocid=iehp
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2834238565-960584999-2119143532-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-06-26] (Hewlett-Packard Company)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-28]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 2
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-02]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-30]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-16] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 OpenVPNAccessClient; C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [167936 2005-08-08] () [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-08] (Oak Technology Inc.)
S0 ahcix86; C:\WINDOWS\System32\DRIVERS\ahcix86.sys [189968 2009-04-09] (Advanced Micro Devices, Inc)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2003-08-11] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2003-08-11] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2003-08-11] (HP)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [56432 2013-01-23] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
U0 nvgts; No ImagePath
U0 nvrd32; No ImagePath
S3 qcserxp; C:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
R3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1345936 2012-12-05] (Realtek Semiconductor Corporation                           )
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 tapoas; C:\WINDOWS\System32\DRIVERS\tapoas.sys [26112 2010-08-03] (The OpenVPN Project) [File not signed]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-10 01:12 - 2015-05-10 01:12 - 00000000 ____D () C:\FRST
2015-05-07 21:43 - 2015-05-07 21:43 - 00001330 _____ () C:\Documents and Settings\user\Desktop\FSS.txt
2015-05-07 21:40 - 2015-05-07 21:40 - 00002038 _____ () C:\Documents and Settings\user\Desktop\AdwCleaner[S0].txt
2015-05-07 21:29 - 2015-05-07 21:37 - 00000000 ____D () C:\AdwCleaner
2015-05-07 21:27 - 2015-05-07 21:27 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\cobvqpid.sys
2015-05-07 21:25 - 2015-05-07 21:25 - 00001069 _____ () C:\Documents and Settings\user\Desktop\Malwarebytes.txt
2015-05-07 16:04 - 2015-05-07 16:05 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-07 16:03 - 2015-05-07 16:03 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-07 16:03 - 2015-05-07 16:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-07 16:03 - 2015-05-07 16:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-07 16:03 - 2015-05-07 16:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-05-07 16:03 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-07 16:03 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-06 12:13 - 2015-05-06 12:18 - 00000000 ____D () C:\Documents and Settings\user\My Documents\Medishield
2015-05-01 00:23 - 2015-05-01 00:23 - 00000000 ____D () C:\Documents and Settings\user\Local Settings\Application Data\Temp
2015-05-01 00:11 - 2015-05-02 00:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-04-30 18:48 - 2015-04-30 18:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SMR430
2015-04-30 18:47 - 2015-04-30 19:32 - 00000000 ____D () C:\Documents and Settings\user\Local Settings\Application Data\NPE
2015-04-30 18:47 - 2015-04-30 18:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-04-26 17:39 - 2015-04-26 17:39 - 00000000 ___RD () C:\Program Files\Skype
2015-04-26 17:39 - 2015-04-26 17:39 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-26 17:39 - 2015-04-26 17:39 - 00000000 ____D () C:\Documents and Settings\user\Local Settings\Application Data\Skype
2015-04-26 17:39 - 2015-04-26 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-04-15 20:14 - 2015-04-15 20:14 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-04-12 10:18 - 2015-05-08 11:36 - 00000020 _____ () C:\Documents and Settings\user\Application Data\appdataFr3.bin
2015-04-12 10:18 - 2015-04-27 01:54 - 00000000 ____D () C:\Program Files\Infusionsoft Sync for Gmail
2015-04-12 10:17 - 2015-04-22 21:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\10077761372645422305
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-10 01:12 - 2010-02-28 09:55 - 00000000 ____D () C:\Documents and Settings\user\Local Settings\Temp
2015-05-10 01:03 - 2014-03-19 07:43 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-10 01:03 - 2013-08-16 20:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-10 01:03 - 2013-08-16 20:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-10 01:03 - 2013-08-16 19:52 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 01:03 - 2010-02-28 11:13 - 00000256 _____ () C:\WINDOWS\Tasks\WGASetup.job
2015-05-10 01:03 - 2010-02-28 09:53 - 00032420 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-10 01:03 - 2010-02-28 09:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-10 01:03 - 2010-02-28 09:47 - 01357507 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-09 22:22 - 2010-02-28 09:55 - 00000178 ___SH () C:\Documents and Settings\user\ntuser.ini
2015-05-09 22:14 - 2013-08-24 06:23 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-09 21:46 - 2013-08-16 19:52 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-07 04:16 - 2014-12-12 20:09 - 00000000 ____D () C:\Temp
2015-05-04 02:20 - 2013-10-12 01:21 - 00000000 ____D () C:\Documents and Settings\user\Desktop\Vacation Bookings
2015-04-30 18:48 - 2010-02-28 01:32 - 00000220 __RSH () C:\boot.ini
2015-04-30 17:51 - 2013-09-09 16:58 - 00857232 _____ () C:\WINDOWS\DPINST.LOG
2015-04-30 17:51 - 2013-09-09 16:58 - 00001745 _____ () C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2015-04-30 17:51 - 2013-09-09 16:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Sony
2015-04-30 17:51 - 2010-02-28 10:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-29 22:47 - 2013-08-16 19:54 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-04-28 00:36 - 2013-08-16 19:41 - 00000000 ____D () C:\Documents and Settings\user\Application Data\Skype
2015-04-27 23:36 - 2013-08-16 19:41 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-04-26 17:39 - 2013-08-16 19:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-04-26 03:23 - 2013-08-23 19:33 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-04-18 20:46 - 2010-02-28 01:35 - 00607032 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-15 20:14 - 2013-08-24 06:23 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-15 20:14 - 2013-08-24 06:23 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-15 18:26 - 2013-08-23 19:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-04-15 18:26 - 2013-08-16 16:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 18:23 - 2010-02-28 11:19 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 18:22 - 2008-04-14 20:00 - 00000637 _____ () C:\WINDOWS\win.ini
2015-04-13 21:07 - 2013-08-16 16:03 - 00000000 ____D () C:\Documents and Settings\user\Desktop\Edwin
2015-04-11 21:11 - 2013-08-16 16:00 - 00000000 ____D () C:\Documents and Settings\user\Desktop\MP3's
2015-04-11 00:11 - 2014-05-26 19:07 - 00000000 ____D () C:\Documents and Settings\user\My Documents\Outlook Files
 
==================== Files in the root of some directories =======
 
2015-04-12 10:18 - 2015-05-08 11:36 - 0000020 _____ () C:\Documents and Settings\user\Application Data\appdataFr3.bin
2013-08-17 05:29 - 2015-03-23 10:48 - 0022016 _____ () C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-05 23:34 - 2014-10-05 23:34 - 0000127 _____ () C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
 
Some content of TEMP:
====================
C:\Documents and Settings\user\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\user\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\user\Local Settings\Temp\RemoveTD.exe
C:\Documents and Settings\user\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\user\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\user\Local Settings\Temp\TDCompression.exe
C:\Documents and Settings\user\Local Settings\Temp\{4ED7B378-0762-4489-9B90-27B626BA5DE1}-32.0.1700.76_32.0.1700.72_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

 

==================== End Of Log ============================


#10 mhakkinen68

  • Topic Starter

Posted 09 May 2015 - 12:16 PM

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by user at 2015-05-10 01:13:20
Running from C:\Documents and Settings\user\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2834238565-960584999-2119143532-500 - Administrator - Enabled)
ASPNET (S-1-5-21-2834238565-960584999-2119143532-1005 - Limited - Enabled)
Guest (S-1-5-21-2834238565-960584999-2119143532-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2834238565-960584999-2119143532-1007 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2834238565-960584999-2119143532-1002 - Limited - Disabled)
user (S-1-5-21-2834238565-960584999-2119143532-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1300 (Version: 5.31.1.27 - Hewlett-Packard) Hidden
1300_Help (Version: 5.31.1.27 -  Hewlett-Packard) Hidden
1300Tour (Version: 5.31.1.27 -  Hewlett-Packard) Hidden
1300Trb (Version: 5.31.1.27 -  Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.4.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
AiO_Scan (Version: 5.31.1.27 - Hewlett-Packard) Hidden
AIOMinimal (Version: 5.31.1.27 - Hewlett-Packard) Hidden
AiOSoftware (Version: 5.31.1.27 - Hewlett-Packard) Hidden
AVG PC TuneUp 2014 (en-GB) (Version: 14.0.1001.380 - AVG) Hidden
Copy (Version: 5.31.0.150 - Hewlett-Packard) Hidden
CreativeProjects (Version: 5.31.0.150 - Hewlett-Packard) Hidden
Director (Version: 5.31.0.154 - Hewlett-Packard) Hidden
DocProc (Version: 3.1.0.0 - Hewlett-Packard) Hidden
Fax (Version: 5.31.2.31 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Photo & Imaging 3.1 (HKLM\...\HP Photo & Imaging) (Version: 3.1 - HP)
HP PSC & OfficeJet 3.0 (HKLM\...\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}) (Version: 3.0 - HP)
HP Software Update (HKLM\...\{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}) (Version: 1.0.18.20030625 - Hewlett-Packard)
hpmdtab (Version: 2.0.470.1598 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.5.0.0 - Your Company Name) Hidden
InstantShare (Version: 3.1.0.13 - Hewlett-Packard) Hidden
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5436 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Jays Snipping Tool (HKU\S-1-5-21-2834238565-960584999-2119143532-1003\...\e891758400ca417b) (Version: 1.0.0.12 - Missoula Software)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Memories Disc Creator 2.0 (HKLM\...\{2E132061-C78A-48D4-A899-1D13B9D189FA}) (Version: 2.0.470.1598 - Memories Disc Creator 2.0)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenVPN Client (HKLM\...\{072A5217-8165-4AB7-8366-36CB3245DB60}) (Version: 1.5.6 - OpenVPN Technologies)
Overland (Version: 1.76.0 - Hewlett-Packard) Hidden
PhotoGallery (Version: 5.31.0.158 - Hewlett-Packard) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.1815.0 - CyberLink Corporation)
PrintScreen (Version: 5.31.0.147 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Readme (Version: 5.31.1.27 - Hewlett-Packard) Hidden
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.30.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6828 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden
Scan (Version: 3.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SkinsHP1 (Version: 5.31.0.147 - Hewlett-Packard) Hidden
SkinsHP2 (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.259 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
TrayApp (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Unload (Version: 3.1.0 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
微软拼音输入法2007 (HKLM\...\{52307374-EA35-4003-B7E4-8F1FB422749F}) (Version: 12.0.5000.1001 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2834238565-960584999-2119143532-1003_Classes\CLSID\{0FB8DE1A-E991-40E5-83CA-5172084B2073}\InprocServer32 -> C:\Program Files\HP\Digital Imaging\bin\hpISdownsampler.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2834238565-960584999-2119143532-1003_Classes\CLSID\{DA7A2849-2E3F-4F87-A1C4-43843592BAED}\InprocServer32 -> C:\Program Files\HP\Digital Imaging\bin\hpodcpxe.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-2834238565-960584999-2119143532-1003_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\DOCUME~1\user\LOCALS~1\Temp\18F0\temp\Norton Antivirus Pro v21 6 0 32 Final Patch 2Shot.exe No Fi (the data entry has 2 more characters).
 
==================== Restore Points  =========================
 
10-02-2015 21:13:56 System Checkpoint
11-02-2015 09:05:52 Software Distribution Service 3.0
12-02-2015 07:20:52 Software Distribution Service 3.0
14-02-2015 03:59:04 System Checkpoint
18-02-2015 12:52:10 System Checkpoint
21-02-2015 19:13:46 System Checkpoint
25-02-2015 20:52:27 System Checkpoint
28-02-2015 23:13:04 System Checkpoint
02-03-2015 09:01:54 System Checkpoint
03-03-2015 09:03:58 System Checkpoint
08-03-2015 15:04:25 System Checkpoint
10-03-2015 20:29:03 System Checkpoint
11-03-2015 20:44:52 System Checkpoint
11-03-2015 23:41:54 Software Distribution Service 3.0
13-03-2015 08:25:34 System Checkpoint
15-03-2015 21:42:44 System Checkpoint
18-03-2015 17:21:05 System Checkpoint
21-03-2015 05:56:22 System Checkpoint
22-03-2015 06:36:08 System Checkpoint
25-03-2015 22:51:46 System Checkpoint
04-04-2015 13:15:01 System Checkpoint
05-04-2015 13:20:59 System Checkpoint
07-04-2015 09:05:21 System Checkpoint
09-04-2015 21:46:31 System Checkpoint
11-04-2015 04:10:04 System Checkpoint
12-04-2015 04:54:53 System Checkpoint
13-04-2015 20:36:28 System Checkpoint
14-04-2015 21:39:27 System Checkpoint
15-04-2015 18:21:44 Software Distribution Service 3.0
18-04-2015 20:37:57 System Checkpoint
20-04-2015 19:13:35 System Checkpoint
26-04-2015 00:38:09 System Checkpoint
28-04-2015 09:07:16 System Checkpoint
30-04-2015 19:34:04 Norton_Power_Eraser_20150430193401468
30-04-2015 23:12:58 Removed Windows Live Upload Tool
01-05-2015 00:12:28 avast! antivirus system restore point
02-05-2015 00:10:35 avast! antivirus system restore point
03-05-2015 00:46:59 System Checkpoint
04-05-2015 18:33:41 System Checkpoint
06-05-2015 02:59:47 System Checkpoint
07-05-2015 03:02:10 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 20:00 - 2008-04-14 20:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-08-12 17:45 - 2010-08-12 17:45 - 00024064 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
2009-07-05 06:35 - 2009-07-05 06:35 - 00028160 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00110592 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
2009-07-05 06:35 - 2009-07-05 06:35 - 00041472 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00096256 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2009-10-26 09:27 - 2009-10-26 09:27 - 00153088 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2009-10-26 09:25 - 2009-10-26 09:25 - 00040448 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2009-10-26 09:25 - 2009-10-26 09:25 - 00645120 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2010-03-16 13:05 - 2010-03-16 13:05 - 00020480 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2009-10-26 09:27 - 2009-10-26 09:27 - 00311808 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2009-10-26 09:25 - 2009-10-26 09:25 - 00073728 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2009-10-26 09:27 - 2009-10-26 09:27 - 00011776 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2010-05-05 13:44 - 2010-05-05 13:44 - 00010752 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2010-05-05 13:44 - 2010-05-05 13:44 - 00051200 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2010-05-05 13:44 - 2010-05-05 13:44 - 00039936 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00036352 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2010-05-05 13:43 - 2010-05-05 13:43 - 00008192 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00110592 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00017920 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2009-07-06 04:16 - 2009-07-06 04:16 - 00111104 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00024064 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2010-02-28 10:01 - 2005-08-08 13:54 - 00167936 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2013-09-09 16:58 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2013-09-09 16:58 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2013-09-09 16:58 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2014-06-12 10:19 - 2014-06-12 10:19 - 00643584 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2013-09-09 16:58 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2008-04-14 20:00 - 2013-01-02 14:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2008-04-14 20:00 - 2008-04-14 20:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 20:00 - 2008-04-14 20:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2015-04-29 22:47 - 2015-04-28 10:07 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2834238565-960584999-2119143532-1003\...\hola.org -> hxxp://hola.org
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2834238565-960584999-2119143532-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 89.233.43.71 - 91.239.100.100
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Hola\app\hola_updater.exe] => Enabled:Hola Internet Acceleration. Faster Internet, Anywhere!
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/04/2015 06:15:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application hpcmpmgr.exe, version 1.76.0.0, faulting module hpcmpmgr.exe, version 1.76.0.0, fault address 0x000119a6.
Processing media-specific event for [hpcmpmgr.exe!ws!]
 
Error: (05/01/2015 02:41:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 42.0.2311.135, faulting module chrome.dll, version 42.0.2311.135, fault address 0x00016c35.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (04/26/2015 04:33:25 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
 
Error: (04/10/2015 11:28:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module msctf.dll, version 5.1.2600.5512, fault address 0x0003567c.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (03/21/2015 10:52:35 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
 
 
System errors:
=============
Error: (05/10/2015 01:03:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ahcix86
 
Error: (05/09/2015 09:07:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ahcix86
 
Error: (05/09/2015 11:44:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ahcix86
 
Error: (05/09/2015 11:34:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ahcix86
 
Error: (05/08/2015 00:50:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ahcix86
 
Error: (05/08/2015 10:45:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ahcix86
 
Error: (05/08/2015 02:24:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ahcix86
 
Error: (05/07/2015 09:40:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ahcix86
 
Error: (05/07/2015 09:36:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/07/2015 09:36:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (05/04/2015 06:15:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hpcmpmgr.exe1.76.0.0hpcmpmgr.exe1.76.0.0000119a6
 
Error: (05/01/2015 02:41:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135chrome.dll42.0.2311.13500016c35
 
Error: (04/26/2015 04:33:25 PM) (Source: crypt32) (EventID: 8) (User: )
 
Error: (04/10/2015 11:28:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512msctf.dll5.1.2600.55120003567c
 
Error: (03/21/2015 10:52:35 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 27%
Total physical RAM: 3522.31 MB
Available physical RAM: 2541.35 MB
Total Pagefile: 5402.58 MB
Available Pagefile: 4506.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.42 MB
 
==================== Drives ================================
 
Drive c: (XPP_EN) (Fixed) (Total:465.76 GB) (Free:369.93 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B2334A43)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#11 mhakkinen68

  • Topic Starter

Posted 09 May 2015 - 12:18 PM

My PC is generally running okay, although when multiple programs are open, one of the existing ones can take a prolonged period to open. I also notice the bootup is around a minute or two longer than in the past.

 

That said, the adware "Bestwebnutfunblack" still exists. When I click on some links, I automatically get directed to that site. Other times, when I linger on a particular site for too long, it automatically gets routed to some advertising sites too.



#12 nasdaq

  • Malware Response Team

Posted 10 May 2015 - 08:12 AM

There could be some remnant items.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time, disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.
<<<>>>

#13 mhakkinen68

  • Topic Starter

Posted 12 May 2015 - 07:03 AM


I am unable to run ESET as it detects my IP to be outside North America. I reside in Asia. Any alternate sites I could rely on?



#14 nasdaq

  • Malware Response Team

Posted 12 May 2015 - 08:20 AM

Try this one.

http://www.kaspersky.com/free-virus-scan

#15 nasdaq

  • Malware Response Team

Posted 18 May 2015 - 08:38 AM

Are you still with me?

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



