Avast WEBforum
Other => General Topics => Topic started by: diane blanx on May 03, 2011, 01:23:13 PM
-
Since upgrading to Avast 6 I keep getting messages saying malicious URL or trojan horse blocked every 5 to 10 mins. I know nothing about computers. Can anyone tell me why this is happening and if it's safe to use my computer?
-
1. Don't panic. As long as the word "blocked" is there, no need to be afraid. ;D
2. What is your operating system? Windows 7? Vista? XP?
3. Do you have any other antivirus software installed?
-
XP, and no, not that I am aware of.
-
Okay, so here we go:
Download Malwarebytes Antimalware free by clicking on the blue MBAM in my signature.
Install it.
Start it.
Go to the update tab and update it.
Then start a "Quick scan" (takes only a few minutes).
A log will appear after the scan - save that to your disk and post the file here (click "Additional Options" at the bottom of post editor window to attach the saved log file).
We'll continue then.
-
Scanning now but seems to be taking a while, hope you're still there.
-
At least two more hours... then it's time to drive home and I'll be online again for 2 or 3 more hrs.
We'll get this done.
You selected "Quick Scan"?
-
Yes
-
Still scanning...? :o
-
Won't let me upload file.
-
What? Why not? What does it say?
Can you copy the content and paste it as normal text in a post?
-
Don't know how to do that
-
Open the log-file with notepad.
Mark the text.
Copy it (ctrl + C) and paste (ctrl + V) it in your post.
What is the error message when you try to upload it?
-
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6498
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
03/05/2011 14:04:12
errors2
Scan type: Quick scan
Objects scanned: 185484
Time elapsed: 58 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 22
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 22
Files Infected: 42
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\igasetacokuvomu.dll (IPH.Trojan.Hiloti.B) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Spyware.Passwords.XGen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Spyware.Passwords.XGen) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{6F098504-CDB1-420f-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\HBLiteAX.Info.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\HBLiteAX.Info (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
-
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> No action taken.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54- Adware.HotBar) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aqiquba (IPH.Trojan.Hiloti.B) -> Value: Aqiquba -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> No action taken.
c:\documents and settings\charlotte\application data\HBLite (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA (Adware.Hotbar) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2 (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2 (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> No action taken.
c:\program files\HBLite (Adware.Hotbar) -> No action taken.
c:\program files\HBLite\bin (Adware.Hotbar) -> No action taken.
c:\program files\HBLite\bin\11.0.363.0 (Adware.Hotbar) -> No action taken.
-
c:\program files\HBLite\bin\11.0.363.0\firefox (Adware.Hotbar) -> No action taken.
c:\program files\HBLite\bin\11.0.363.0\firefox\extensions (Adware.Hotbar) -> No action taken.
c:\program files\HBLite\bin\11.0.363.0\firefox\extensions\plugins (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\start menu\Programs\Hotbar (Adware.Hotbar) -> No action taken.
Files Infected:
c:\WINDOWS\igasetacokuvomu.dll (IPH.Trojan.Hiloti.B) -> No action taken.
c:\WINDOWS\Temp\cveo\setup.exe (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\liam\local settings\temp\38.tmp (Malware.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\ecsxamwonr.tmp (Trojan.Hiloti) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcj.exe (Heuristics.Shuriken) -> No action taken.
c:\documents and settings\liam\local settings\temp\tck.exe (Heuristics.Shuriken) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcl.exe (Heuristics.Shuriken) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcm.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcn.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tco.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcp.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcr.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcs.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tct.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\windows\temp\trz19.tmp (Trojan.Downloader) -> No action taken.
c:\windows\temp\trz1e.tmp (Trojan.Downloader) -> No action taken.
c:\windows\temp\trz3b.tmp (Trojan.Downloader) -> No action taken.
c:\windows\iz3dps.dll (Trojan.Hiloti) -> No action taken.
c:\windows\tfozua.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> No action taken.
-
c:\documents and settings\Diane\application data\shoppingreport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\dwld\whitelist.xip (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\res1\whitelist.dbs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\dwld\whitelist.xip (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\res1\whitelist.dbs (Adware.ShoppingReport2) -> No action taken.
c:\program files\HBLite\bin\11.0.363.0\firefox\extensions\install.rdf (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> No action taken.
That's all of it.
-
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6498
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
03/05/2011 14:04:12
errors2
Scan type: Quick scan
Objects scanned: 185484
Time elapsed: 58 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 22
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 22
Files Infected: 42
8) Rather heavily infected...
Run MBAM again and have everything it finds deleted and quarantined.
Then run it again and post the log again.
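
Reading a log like the one above comes down to three checks: which detections still say "No action taken", which of them sit in autostart locations, and whether the itemised lines add up to the summary counts. The following is an added example, not part of the original thread; the sample log is constructed in the layout of the thread's log, and the final action string and the mismatched file count in it are assumptions made for the demonstration.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.50 log layout shown in this thread.
# Detection lines reuse entries from the thread's first log; the summary
# count "Files Infected: 4" is deliberately wrong and the last action
# string is an assumed example of a completed removal.
SAMPLE_LOG = r"""Scan type: Quick scan
Memory Modules Infected: 1
Registry Values Infected: 2
Files Infected: 4
Memory Modules Infected:
c:\WINDOWS\igasetacokuvomu.dll (IPH.Trojan.Hiloti.B) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aqiquba (IPH.Trojan.Hiloti.B) -> Value: Aqiquba -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> No action taken.
Files Infected:
c:\WINDOWS\igasetacokuvomu.dll (IPH.Trojan.Hiloti.B) -> No action taken.
c:\windows\temp\trz19.tmp (Trojan.Downloader) -> No action taken.
c:\windows\iz3dps.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# object (Detection.Name) -> [Value: x -> ] action
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<name>[^()]+)\) -> "
    r"(?:Value: (?P<value>.+?) -> )?(?P<action>[^>]+)$"
)

# Registry locations that start code at boot/logon or hijack a program launch.
AUTOSTART_HINTS = (
    "\\currentversion\\run\\",
    "\\currentcontrolset\\services\\",
    "\\image file execution options\\",
)


def parse_mbam_log(text):
    """Return (declared_counts, detections, unparsed_lines)."""
    declared, items, unparsed, section = {}, [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line == "(No malicious items detected)":
            continue  # header fields before the first section, or empty section
        m = ITEM_RE.match(line)
        if m:
            items.append({
                "section": section,
                "object": m["object"],
                "name": m["name"],
                "action": m["action"].rstrip("."),
            })
        else:
            unparsed.append(line)  # garbled or truncated paste
    return declared, items, unparsed


def triage(text):
    """Summarise what still needs attention in a pasted MBAM log."""
    declared, items, unparsed = parse_mbam_log(text)
    found = Counter(i["section"] for i in items)
    return {
        # Detected but not removed: the scan only reported these.
        "pending": [i for i in items
                    if i["action"].lower().startswith("no action taken")],
        "families": Counter(i["name"] for i in items),
        "autostart": [i["object"] for i in items
                      if any(h in i["object"].lower() for h in AUTOSTART_HINTS)],
        # Summary says N, paste contains M: part of the log is missing.
        "count_mismatch": {s: (n, found.get(s, 0))
                           for s, n in declared.items()
                           if n != found.get(s, 0)},
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("still present:", len(report["pending"]))
    print("families:", dict(report["families"]))
    print("autostart entries:", report["autostart"])
    print("count mismatch (declared, found):", report["count_mismatch"])
```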
-
I still have the Malwarebytes file on computer. Should I just quarantine everything now or do I have to run it again first?
-
You can quarantine now. Good. (Reboot may be required)
Then post the log after that.
-
Pressing quarantine, nothing happening. Should I try remove selected?
-
Yes. Select everything (if not already) and remove.
Post log.
-
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6498
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
03/05/2011 15:15:03
mbam-log-2011-05-03 (15-14-07).txt
Scan type: Quick scan
Objects scanned: 187204
Time elapsed: 19 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\windows\temp\trz5f.tmp (Trojan.Downloader) -> No action taken.
c:\windows\temp\trz60.tmp (Trojan.Downloader) -> No action taken.
-
Select the two infected temp files in MBAM and remove them.
-
What do I do now?
-
Select the two infected temp files in MBAM and remove them.
-
I'll be off now for about 60 minutes.
Check here later again, we'll do some scanning then.
CU
Zyndstoff
-
Should I go back on my computer now?
-
Here I am. ;D
So, check your PC now.
Any strange behavior?
Perform an Avast Full System Scan. (See screenshot)
-
Have started doing that but it takes about 3 hours. Will you still be around then? It is still saying malicious url.
-
Don't worry Diane,
If he isn't available, there are many others on here who will pitch in and help.
As long as Zyndstoff is doing such a good job, you don't need anyone else. :)
-
Seems to be going quicker than it's ever done before, so may need your help soon.
-
Have started doing that but it takes about 3 hours. Will you still be around then? It is still saying malicious url.
Please specify: what is saying malicious url? Avast?
Can you give a screenshot of the error message?
-
Use this MS-tool to fix the Hosts-file: TOOL (http://support.microsoft.com/kb/972034/en-us)
Download the file to disk and then run it
then
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop
- Quit all running programs
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 1 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
then
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
-
Don't worry Diane,
If he isn't available, there are many others on here who will pitch in and help.
As long as Zyndstoff is doing such a good job, you don't need anyone else. :)
BTW: thanks, Bob... :)
-
I am panicking now because that sounds really complicated. How can I not use my PC when I need to follow your instructions and paste things? The 2 malicious URLs are called Longtrip-todayz.com and ikckclckl1i1i.com.
-
I am panicking now because that sounds really complicated. How can I not use my PC when I need to follow your instructions and paste things? The 2 malicious URLs are called Longtrip-todayz.com and ikckclckl1i1i.com.
Don't panic.
It's all easy, and you can do it. Don't worry.
When you start the OTS scan, then don't use the PC until the scan is done. Just leave it alone, scanning.
Just go step by step through the above instructions.
All the posting is done after the above instructions have been completed. Okay? ;)
-
scan completed no threat found to i come out of avast before i run the ots scan
-
scan completed no threat found to i come out of avast before i run the ots scan
Pardon me?
What do you mean "to I come out of Avast" ?
-
Do I log out of the Avast forum before I do the OTS scan? The scan that was completed with no threat was the Avast full scan.
-
Okay, we'll do this step by step.
Easy things first.
Download the HostsXpert 3.7 - Hosts File Manager (http://www.funkytoad.com/download/HostsXpert.zip)
Unzip it in any folder you like and run it.
What does it show in the right window side?
Click "Editing", "copy to clipboard" and paste in your next post.
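
What to look for in the hosts file requested above, as an added example that is not part of the original thread: every active line other than the loopback mapping of `localhost` deserves a look, because an entry there overrides DNS for that name. The sample data is constructed (reserved `.example` names and a documentation address), and the category names `redirect`, `blackhole` and `malformed` are this example's own.

```python
import ipaddress

# Shape of the default Windows XP hosts file: comments plus one loopback line.
CLEAN_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
"""

# Constructed sample with three invented problem lines appended.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
203.0.113.66    www.bank.example login.bank.example   # constructed redirect
127.0.0.1       update.av-vendor.example              # constructed blackhole
not-an-ip       something.example
"""

EXPECTED_LOCAL = {"localhost"}


def parse_hosts(text):
    """Yield (line_number, address_field, [hostnames]) for each active line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        active = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if active:
            fields = active.split()
            yield number, fields[0], fields[1:]


def audit_hosts(text):
    """Return findings as (line_number, kind, address, hostnames)."""
    findings = []
    for number, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((number, "malformed", address, names))
            continue
        if not names:
            findings.append((number, "malformed", address, names))
        elif ip.is_loopback or ip.is_unspecified:
            # Names pinned to the local machine cannot be reached at all:
            # either a deliberate block list or malware cutting off update sites.
            extra = [n for n in names if n.lower() not in EXPECTED_LOCAL]
            if extra:
                findings.append((number, "blackhole", address, extra))
        else:
            # Any name forced to a fixed remote address bypasses DNS.
            findings.append((number, "redirect", address, names))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print("clean file findings:", audit_hosts(CLEAN_HOSTS))
```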
-
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
-
Okay, that file is clean.
Now:
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Now close all other programs running (including browser). You will have to log off the forum and log back in when the scan is done. Shouldn't take too long.
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
-
Can't get it to download. How do I download it?
-
Have you left me???
-
Just click on the blue OTS in the post above...
-
Have you left me???
Alas! I am a human being, and as such I tend to eat and drink sometimes - in this case, I was away doing the opposite.. ;D
Other than that, I will never ever leave you. 8)
-
Do I run or save?
-
Do I run or save?
Save to desktop
-
[code]
OTS logfile created on: 03/05/2011 18:52:41 - Run 1
OTS by OldTimer - Version 3.1.42.0 Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
511.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11.72 Gb Total Space | 0.53 Gb Free Space | 4.49% Space Free | Partition Type: NTFS
Drive D: | 102.76 Gb Total Space | 5.56 Gb Free Space | 5.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.52 Gb Total Space | 60.31 Gb Free Space | 80.93% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-PC
Current User Name: Diane
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Da
-
[Processes - Safe List]
ots.exe -> D:\OTS.exe -> [2011/05/03 18:47:56 | 000,645,632 | ---- | M] (OldTimer Tools)
avastui.exe -> C:\Program Files\AVAST Software\Avast\AvastUI.exe -> [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software)
avastsvc.exe -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software)
runservice.exe -> C:\WINDOWS\Runservice.exe -> [2010/07/18 21:30:50 | 000,002,560 | ---- | M] ()
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
sprtcmd.exe -> C:\Program Files\TalkTalk\bin\sprtcmd.exe -> [2005/08/16 00:12:02 | 000,192,512 | ---- | M] (SupportSoft, Inc.)
dragdiag.exe -> C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe -> [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium)
mixer.exe -> C:\WINDOWS\mixer.exe -> [2001/10/22 10:24:28 | 001,216,512 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw))
[Modules - Safe List]
ots.exe -> D:\OTS.exe -> [2011/05/03 18:47:56 | 000,645,632 | ---- | M] (OldTimer Tools)
snxhk.dll -> C:\Program Files\AVAST Software\Avast\snxhk.dll -> [2011/04/18 18:25:09 | 000,199,792 | ---- | M] (AVAST Software)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\system32\framedyn.dll -> [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
sprthook.dll -> C:\Program Files\TalkTalk\bin\sprthook.dll -> [2005/08/16 00:12:16 | 000,102,400 | ---- | M] (SupportSoft, Inc.)
[Win32 Services - Safe List]
(WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Stopped] -> -> File not found
(oeldy1bfyefa2) Ati External Event Utility [Auto | Stopped] -> -> File not found
(AMService) AMService [Auto | Stopped] -> -> File not found
(avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software)
(LicCtrlService) LicCtrl Service [Auto | Running] -> C:\WINDOWS\Runservice.exe -> [2010/07/18 21:30:50 | 000,002,560 | ---- | M] ()
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(aswSnx) aswSnx [File_System | System | Running] -> C:\WINDOWS\System32\drivers\aswSnx.sys -> [2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software)
(aswSP) aswSP [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software)
(aswMon2) aswMon2 [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software)
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software)
(fssfltr) fssfltr [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -> [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\gameenum.sys -> [2008/04/14 06:51:44 | 000,010,624 | ---- | M] (Microsoft Corporation)
(StarOpen) StarOpen [File_System | System | Running] -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2006/07/24 16:05:00 | 000,005,632 | ---- | M] ()
(ss_mdm) SAMSUNG Mobile USB Modem 1.0 Drivers [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_mdm.sys -> [2005/08/30 18:59:00 | 000,094,000 | ---- | M] (MCCI)
(ss_mdfl) SAMSUNG Mobile USB Modem 1.0 Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_mdfl.sys -> [2005/08/30 18:58:56 | 000,008,304 | ---- | M] (MCCI)
(ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_bus.sys -> [2005/08/30 18:57:18 | 000,058,320 | ---- | M] (MCCI)
(ssm_mdm) SAMSUNG Mobile USB Modem II 1.0 Drivers [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssm_mdm.sys -> [2005/08/30 02:49:38 | 000,094,000 | ---- | M] (MCCI)
(ssm_mdfl) SAMSUNG Mobile USB Modem II 1.0 Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssm_mdfl.sys -> [2005/08/30 02:49:34 | 000,008,336 | ---- | M] (MCCI)
(ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssm_bus.sys -> [2005/08/30 02:47:38 | 000,058,320 | ---- | M] (MCCI)
(SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sisnic.sys -> [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.)
(alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\alcan5wn.sys -> [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON)
(alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\alcaudsl.sys -> [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON)
(cmpci) C-Media PCI Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\cmaudio.sys -> [2001/10/30 13:01:50 | 000,280,782 | ---- | M] (C-Media Inc)
-
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.mytalktalk.co.uk ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\__aswSnx private storage\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\] > -> ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: Main\\"Start Page" -> http://www.mytalktalk.co.uk ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: Main\\"Start Page Redirect Cache" -> http://uk.msn.com/?ocid=iehp ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-gb ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> AC 2C CD CF 9E 6A CA 01 [binary data] ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: URLSearchHooks\\"{00000000-6E41-4FD3-8538-502F5495E5FC}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [UrlSearchHook Class] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95} -> C:\Documents and Settings\Liam\Local Settings\Application Data\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95} [C:\DOCUMENTS AND SETTINGS\LIAM\LOCAL SETTINGS\APPLICATION DATA\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95}] -> [2011/05/02 17:49:40 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{053530DC-6E55-4935-A879-42149E9D9AF2} -> C:\Documents and Settings\Diane\Local Settings\Application Data\{053530DC-6E55-4935-A879-42149E9D9AF2} [C:\DOCUMENTS AND SETTINGS\DIANE\LOCAL SETTINGS\APPLICATION DATA\{053530DC-6E55-4935-A879-42149E9D9AF2}] -> [2011/05/03 08:39:20 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2011/05/03 18:28:18 | 000,000,698 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\HOSTS ->
Reset Hosts
-
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0974BA1E-64EC-11DE-B2A5-E43756D89593} [HKLM] -> [MediaBar] -> File not found
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2010/05/14 11:00:26 | 000,191,792 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [SSVHelper Class] -> [2010/06/29 16:14:30 | 000,321,312 | ---- | M] (Sun Microsystems, Inc.)
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/04/18 18:25:08 | 000,818,280 | ---- | M] (AVAST Software)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> [Skype Plug-In] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [Google Toolbar Notifier BHO] -> [2011/04/26 21:48:03 | 001,007,160 | ---- | M] (Google Inc.)
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Support.com Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}" [HKLM] -> [MediaBar] -> File not found
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/04/18 18:25:08 | 000,818,280 | ---- | M] (AVAST Software)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Support.com Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Support.com Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Support.com Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Support.com Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software)
"C-Media Mixer" -> C:\WINDOWS\mixer.exe [Mixer.exe /startup] -> [2001/10/22 10:24:28 | 001,216,512 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw))
"SM_IAN" -> [C:\Program Files\AdvancedCleaner Free\ian_monitor.exe] -> File not found
"SpeedTouch USB Diagnostics" -> C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe ["C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon] -> [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium)
"SunJavaUpdateSched" -> ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> File not found
"TalkTalk" -> C:\Program Files\TalkTalk\bin\sprtcmd.exe ["C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk] -> [2005/08/16 00:12:02 | 000,192,512 | ---- | M] (SupportSoft, Inc.)
"UADC_4215311620" -> ["C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c] -> File not found
"UADC_534121639" -> ["C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Charlotte Startup Folder > -> C:\Documents and Settings\Charlotte\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Diane Startup Folder > -> C:\Documents and Settings\Diane\Start Menu\Programs\Startup ->
< Liam Startup Folder > -> C:\Documents and Settings\Liam\Start Menu\Programs\Startup
-
CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003] > -> HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> [http://favorites.live.com/quickadd.aspx] -> File not found
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html] -> [2011/04/26 20:54:18 | 001,967,792 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> [http://favorites.live.com/quickadd.aspx] -> File not found
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html] -> [2011/04/26 20:54:18 | 001,967,792 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> [http://favorites.live.com/quickadd.aspx] -> File not found
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html] -> [2011/04/26 20:54:18 | 001,967,792 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Menu: Sun Java Console] -> [2010/04/12 17:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> [Button: Skype Plug-In] -> File not found
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> [Menu: Skype Plug-In] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Pr
-
Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\__aswSnx private storage\] > -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\__aswSnx private storage\] > -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{5C051655-FCD5-4969-9182-770EA5AA5565} [HKLM] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab [Solitaire Showdown Class] ->
{5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab [UnoCtrl Class] ->
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
-
STOP!
-
Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{CBBA2003-F830-4722-94CA-0C4CF69B8798}\\DhcpNameServer -> 192.168.1.1 (SiS 900-Based PCI Fast Ethernet Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" -> [C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare] -> File not found
"C:\Program Files\MSN Messenger\livecall.exe" -> [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" -> [C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare] -> File not found
"C:\Program Files\LimeWire\LimeWire.exe" -> [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\MSN Messenger\livecall.exe" -> [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\NetMeeting\conf.exe" -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®] -> [2008/04/14 06:42:16 | 001,032,192 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\rtcshare.exe" -> C:\WINDOWS\System32\rtcshare.exe [C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing] -> [2008/04/14 06:42:34 | 000,077,312 | ---- | M] (Microsoft Corporation)
"D:\FrostWire\FrostWire.exe" -> D:\FrostWire\FrostWire.exe [D:\FrostWire\FrostWire.exe:*:Enabled:FrostWire] -> [2010/11/20 05:50:52 | 000,114,688 | ---- | M] (FrostWire Group)
"D:\LimeWire\LimeWire.exe" -> [D:\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"D:\Winmx\WinMX.exe" -> [D:\Winmx\WinMX.exe:*:Enabled:WinMX Application] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/10/24 13:36:34 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
-
Please send as attachment.
Save the log file to disk and then attach with "Additional Options" please.
-
how do i save to disc
-
The log file is opened in notepad, isn't it? Just click on "File", "Save".
-
not sure if this has worked
-
has it or should i do something else
-
No, did not work. File empty.
Try again.
-
Let's try something else:
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
(http://public.avast.com/~gmerek/aswMBR1.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
(http://public.avast.com/~gmerek/aswMBR2.png)
-
hope this works
-
did that work
-
yes. wait a moment please...
-
Okay,
run aswMBR again, click scan and then click the "Fix" Button after the scan is complete.
-
Would you like a copy of this, Thomas?
Re-Run aswMBR
Click Scan
On completion of the scan
Click the Fix Button
(http://public.avast.com/~gmerek/aswMBR3.png)
Save the log as before and post in your next reply
-
essex!
I was about to call on you earlier, but did not find you in the online list! :D
I might need some help...
-
I will send the canned via PM ;D
-
My computer has frozen
-
Press Ctrl+Alt+Del and restart via task manager; if that doesn't work, restart it by pressing the "Power Off" button for ~4 sec.
-
ok im back what do i do now
-
Run aswMBR, start a scan and post the log, please.
-
here goes
-
have to go to work in 10 mins if we not finished will it be safe to leave until tomorrow
-
You're getting faster... ;D
This is looking good to me.
Do some testing. Pop ups gone?
-
have to go to work in 10 mins if we not finished will it be safe to leave until tomorrow
We are almost there... I think we are done.
Do some tests.
-
what kind of tests
-
what kind of tests
Basically, do whatever it was that you were doing before when you were experiencing problems. check to see if said problems are gone.
-
Well, whatever you did that made the pop ups occur.
You can use the pc now. We will meet tomorrow here again, okay?
Just some last looks at it, but I think you are fine now. ;D
-
Hi Diane,
I presume your computer is running okay without pop-ups but anyway we will now do some scanning to see if any miscreant leftovers have to be removed.
Run OTS (http://oldtimer.geekstogo.com/OTS.exe) by double-clicking on it. (We downloaded the program already yesterday)
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Now close all other programs running (including browser).
- Click the Run Scan button. Do not use the PC while the scan is running as the computer might freeze.
- When the scan is complete Notepad will open automatically with the log file loaded in it. Save the log file to disk by clicking "File" -> "Save" and name it "OTSlog". Make sure that it is saved as "ANSI". (See screenshot)
- Please attach the log in your next post.
- I will review the log and come back later with (I hope final) instructions, but this may take a while since I am at work now and can fully analyze the file only after I get home this afternoon. So please be patient; anyhow, it is safe for you to use your PC.
;D
You should open Avast, Maintenance tab, and click on "Update Program" to ensure your Avast is fully up to date.
Please come back here this evening.
Cheers
Zyndstoff
-
problem seems to be fixed you are a genius thank you very much. do you know how i got these infections when i was using avast and also how do i stop my computer from getting infected again
-
problem seems to be fixed you are a genius thank you very much. do you know how i got these infections when i was using avast and also how do i stop my computer from getting infected again
Ha ha ha... no, I'm no genius.
Please do the scan I advised in the post above and post the log, we'll have to do some cleaning up for sure.
To your question: even if you use Avast (or any other AV btw) you will never be 100% protected. Malware authors are very quick in slightly altering their crap - so every AV has its moments of vulnerability.
To avoid infection: use your brains when surfing. Don't click on buttons, links or ads that are promising something too tempting to believe or to be true. Do not open unasked-for attachments in your emails just like this - make sure that the sender really knew what he was sending, even if it was a known friend.
Also p2p file exchange is a great source of malware (Bearshare, Limewire and the like), not to mention sites that "offer" cracks, hacks and porn.
You can increase protection if you are willing to invest $ 24,95 for a lifetime licence of MBAM Pro (http://www.malwarebytes.org/products/malwarebytes_pro). Unlike MBAM free, the Pro version will be a resident scanner when you start the PC and protect you from lots of stuff that may get by Avast.
Also it is always a good decision to have one Windows user account with admin rights (only to use when software must be installed or anything else needs to be done that requires admin rights) and to have all other user accounts as "restricted" and do all daily stuff with this restricted account. This enables working / surfing / playing, but it prevents malware that is caught on this particular account from tampering with the system.
-
hope this works. i am not available tonight so will speak to you tomorrow
-
Wonderful.
I'll look at it and we do the cleaning tomorrow!
Have fun. ;D
-
Hi Diane.
Start OTS and copy the code below to where it says Paste fix here (make sure you copy all of the code in the box below, the last line reads [Create Restore Point]) and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95} -> C:\Documents and Settings\Liam\Local Settings\Application Data\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95} [C:\DOCUMENTS AND SETTINGS\LIAM\LOCAL SETTINGS\APPLICATION DATA\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95}]
YY -> HKLM\software\mozilla\Firefox\Extensions\\{053530DC-6E55-4935-A879-42149E9D9AF2} -> C:\Documents and Settings\Diane\Local Settings\Application Data\{053530DC-6E55-4935-A879-42149E9D9AF2} [C:\DOCUMENTS AND SETTINGS\DIANE\LOCAL SETTINGS\APPLICATION DATA\{053530DC-6E55-4935-A879-42149E9D9AF2}]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{0974BA1E-64EC-11DE-B2A5-E43756D89593}" [HKLM] -> [MediaBar]
YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "SM_IAN" -> [C:\Program Files\AdvancedCleaner Free\ian_monitor.exe]
YN -> "SunJavaUpdateSched" -> ["C:\Program Files\Java\jre6\bin\jusched.exe"]
YN -> "UADC_4215311620" -> ["C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c]
YN -> "UADC_534121639" -> ["C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c]
[Files/Folders - Created Within 30 Days]
NY -> spupdwxp3.dll -> C:\WINDOWS\System32\spupdwxp3.dll
[Files/Folders - Modified Within 30 Days]
NY -> ufdvrw.sys -> C:\WINDOWS\System32\drivers\ufdvrw.sys
NY -> qtpwsuji.sys -> C:\WINDOWS\System32\drivers\qtpwsuji.sys
NY -> Nliqilojihume.bin -> C:\WINDOWS\Nliqilojihume.bin
NY -> Odotejidedu.dat -> C:\WINDOWS\Odotejidedu.dat
NY -> 5it12s5a.dat -> C:\Documents and Settings\All Users\Application Data\5it12s5a.dat
NY -> spupdwxp3.dll -> C:\WINDOWS\System32\spupdwxp3.dll
[Files - No Company Name]
NY -> ufdvrw.sys -> C:\WINDOWS\System32\drivers\ufdvrw.sys
NY -> qtpwsuji.sys -> C:\WINDOWS\System32\drivers\qtpwsuji.sys
NY -> Odotejidedu.dat -> C:\WINDOWS\Odotejidedu.dat
NY -> Nliqilojihume.bin -> C:\WINDOWS\Nliqilojihume.bin
NY -> 5it12s5a.dat -> C:\Documents and Settings\All Users\Application Data\5it12s5a.dat
NY -> Oeiipkf.job -> C:\WINDOWS\tasks\Oeiipkf.job
[File - Lop Check]
NY -> Install.job -> C:\WINDOWS\Tasks\Install.job
NY -> Oeiipkf.job -> C:\WINDOWS\Tasks\Oeiipkf.job
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Save the log (make sure ANSI is selected) and attach the log file to your next post.
I will look at the information when it is posted.
-
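The Run entries listed in the fix above are the ones the scan log earlier in this thread marked "File not found". As an added example (not part of the original thread and not OTS's own code), this Python script picks such orphaned autostart and firewall entries out of OTS-style log lines and skips "File not found" lines whose value is not a file path at all. The sample lines are copied from the log posted in this thread; the `name -> target -> status` field layout is inferred from those lines only, and the names `Orphan`, `orphaned_autostarts` and `by_folder` are hypothetical.

```python
import ntpath
import re
from collections import Counter
from typing import Iterator, List, NamedTuple, Tuple

# Lines copied from the OTS log posted in this thread (a short selection).
SAMPLE_LOG = r"""
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software)
"SM_IAN" -> [C:\Program Files\AdvancedCleaner Free\ian_monitor.exe] -> File not found
"SunJavaUpdateSched" -> ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> File not found
"UADC_4215311620" -> ["C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c] -> File not found
"UADC_534121639" -> ["C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> [http://favorites.live.com/quickadd.aspx] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\LimeWire\LimeWire.exe" -> [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"D:\FrostWire\FrostWire.exe" -> D:\FrostWire\FrostWire.exe [D:\FrostWire\FrostWire.exe:*:Enabled:FrostWire] -> [2010/11/20 05:50:52 | 000,114,688 | ---- | M] (FrostWire Group)
"""

# Absolute Windows path: drive letter and backslash, then characters that are
# legal in a path. Quotes, brackets, ':' and '*' end the match, which also
# cuts off the ":*:Enabled:Name" suffix of firewall entries.
ABS_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]:*?<>|/]+')


class Orphan(NamedTuple):
    section: str  # OTS section title taken from the "< ... >" header line
    name: str     # registry value name of the entry
    path: str     # file the entry points to, reported missing by the scan


def parse_sections(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section_title, entry_line) for each entry under a header."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("<") and "> ->" in line:
            section = line[1:line.index(">")].strip()
        elif section is not None:
            yield section, line


def orphaned_autostarts(log_text: str) -> List[Orphan]:
    """Entries marked 'File not found' whose target is an absolute path."""
    found = []
    for section, line in parse_sections(log_text):
        fields = [f.strip() for f in line.split(" -> ")]
        if len(fields) < 3 or fields[-1] != "File not found":
            continue
        match = ABS_PATH_RE.search(fields[1])
        if match is None:
            # Policy values such as [145] or URLs are not files, so the
            # "File not found" marker on them carries no information.
            continue
        name = fields[0].lstrip("\\").strip('"')
        found.append(Orphan(section, name, match.group(0).rstrip()))
    return found


def by_folder(orphans: List[Orphan]) -> Counter:
    """Count orphaned entries per parent folder (leftovers of one product)."""
    return Counter(ntpath.dirname(o.path) for o in orphans)


if __name__ == "__main__":
    hits = orphaned_autostarts(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit.section}: {hit.name} -> {hit.path}")
    for folder, count in by_folder(hits).most_common():
        print(f"{count} orphaned entr{'y' if count == 1 else 'ies'} under {folder}")
```

Several orphaned entries under one folder, as with "AdvancedCleaner Free" here, point to leftovers of a single removed program rather than unrelated breakage.
-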
hope this is right
-
Perfect.
:D
Just to be sure: please run MBAM once more: update it via Update-tab and run a quick scan and post the log.
But I think we have succeeded.
-
here goes
-
Again: Perfect.
Start OTS. Copy the bold text below into the panel where it says Paste fix here and then click the Run Fix button.
[Empty Temp Folders]
[EmptyFlash]
[ClearAllRestorePoints]
Run OTS once more and hit the cleanup button.
It will remove all the programmes we have used plus itself.
Finally, go to your first post and click modify in the upper right corner of that post and add [SOLVED] at the front of your thread title.
Thank you
-
thank you very much
-
It was my pleasure.
Safe surfin' ;)
Zyndstoff