Solved Win7 Toshiba Virus Problems Found

August 19, 2014 at 17:57:31
Specs: Windows 7
I've run Malwarebytes (found problem), ESET (found issue), Unhide, AdwCleaner (found issues) and RogueKiller (won't complete and prompts for kernel mode issues). I'll post all results below.

message edited by Bangkokindy




✔ Best Answer
August 20, 2014 at 04:13:50
OTL logs look good.

Just a bit of cleaning up to do.

Have posted the Wise cleaning instructions again, just in case you need them.

Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Run both of these, in this order.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif



#1
August 19, 2014 at 17:59:00
BTW JohnW (if you pick this up), I've had issues before and you've been a great help.

RogueKiller:

RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Indy [Admin rights]
Mode : Scan -- Date : 08/20/2014 07:49:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{609ACF50-E3B0-461A-9229-6E4316964023} | DhcpNameServer : 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{609ACF50-E3B0-461A-9229-6E4316964023} | DhcpNameServer : 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{609ACF50-E3B0-461A-9229-6E4316964023} | DhcpNameServer : 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8 -> FOUND
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redi... -> FOUND
[PUM.HomePage] HKEY_USERS\S-1-5-21-165395240-540117260-740471157-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/ -> FOUND
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redi... -> FOUND
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redi... -> FOUND
[PUM.SearchPage] HKEY_USERS\S-1-5-21-165395240-540117260-740471157-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redi... -> FOUND
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redi... -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com

¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T0L0-2 : \Driver\tdcmdpst @ Unknown (\SystemRoot\system32\DRIVERS\Rt86win7.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\tdcmdpst.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 976omnfo.default : user_pref("browser.startup.homepage", "google.com"); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] 614046c0c6081d43eb4887f31ca0d874
[BSP] e58067dc9dfe83a00a047cdc68f4fff3 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 295636 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608536576 | Size: 8108 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_06242014_101650.log - RKreport_DEL_06242014_102657.log - RKreport_DEL_06242014_104313.log - RKreport_DEL_06242014_120550.log
RKreport_DEL_06242014_121656.log - RKreport_DEL_07022014_083135.log - RKreport_SCN_06242014_093501.log - RKreport_SCN_06242014_095538.log
RKreport_SCN_06242014_101548.log - RKreport_SCN_06242014_101645.log - RKreport_SCN_06242014_102400.log - RKreport_SCN_06242014_102747.log
RKreport_SCN_06242014_104017.log - RKreport_SCN_06242014_114959.log - RKreport_SCN_06242014_115449.log - RKreport_SCN_06242014_120324.log
RKreport_SCN_06242014_121449.log - RKreport_SCN_07022014_081935.log - RKreport_SCN_07022014_114239.log - RKreport_SCN_08202014_073426.log



#2
August 19, 2014 at 18:01:23
I should note that I run a VPN SpotFlux almost constantly and MalwareBytes found the virus within an installation file from SpotFlux. SpotFlux was NOT running during these scans with the exception of the services from the program that run in the background constantly.

Unhide:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 08/20/2014 06:56:51 AM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 259685 files processed.

Processing the M:\ drive
Finished processing the M:\ drive. 9042 files processed.

The C:\Users\Indy\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 08/20/2014 07:04:04 AM
Execution time: 0 hours(s), 7 minute(s), and 13 seconds(s)




#3
August 19, 2014 at 18:05:09
AdwCleaner:

# AdwCleaner v3.307 - Report created 20/08/2014 at 07:16:21
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Indy - INDYSHIBA
# Running from : C:\Users\Indy\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\windows\system32\GroupPolicy\Machine\Registry.pol

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Indy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1107 octets] - [20/08/2014 07:11:08]
AdwCleaner[S0].txt - [1033 octets] - [20/08/2014 07:16:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1093 octets] ##########



#4
August 19, 2014 at 18:06:44
Malwarebytes:

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/08/20 04:13:23 +0700</date>
    <logfile>mbam-log-2014-08-20 (04-12-10).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.08.19.10</malware-database>
    <rootkit-database>v2014.08.16.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x86</arch>
    <username>Indy</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>312270</objects>
    <time>1266</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>1</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>warn</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <file>
      <path>C:\Users\Indy\Downloads\spotflux-3.0.0-118.exe</path>
      <vendor>PUP.Optional.OpenCandy.A</vendor>
      <action>success</action>
      <hash>b2956c5b7efd2412366154ee699727d9</hash>
    </file>
  </items>
</mbam-log>



#5
August 19, 2014 at 18:11:55
ESET #1:


#6
August 19, 2014 at 18:12:39
ESET #2:


#7
August 19, 2014 at 18:13:16
ESET #3:


#8
August 19, 2014 at 18:13:56
ESET #4:

# cleaned=1
# scan_time=7078
sh=D12F2B7B95F3EB52E57E5E034F4315F4716670FF ft=1 fh=fa0e3acfd523f7f9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Indy\Downloads\ccsetup415.exe"



#9
August 19, 2014 at 18:21:33
Just realized ESET just tacks the new scans to a running log. Didn't realize that. I should have just posted just the last piece. Sorry.


#10
August 19, 2014 at 21:50:23
" JohnW (if you pick this up"
Yep, remember you Bangkokindy. Back in April.

You are probably in bed now, I'm here.
http://www.timeanddate.com/worldclo...

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/



#11
August 19, 2014 at 22:39:40
"Just realized ESET just tacks the new scans to a running log"
Even then, it doesn't seem right.

ESET #4:
# utc_time=2014-04-15 11:19:12
# local_time=2014-04-16 06:19:12 (+0700, SE Asia Standard Time)



#12
August 20, 2014 at 00:40:38
ESET - You have to scroll down to the bottom of that one and it will show the August date that I just ran.

http://www61.zippyshare.com/v/35567...

http://www62.zippyshare.com/v/67879...



#13
August 20, 2014 at 01:45:33
"ESET - You have to scroll down to the bottom of that one and it will show the August date that I just ran"
Sorry, because you mentioned it was there, I looked real hard & used search & still didn't pick up the August date.

Copy & Paste the text below ( starting > AlternateDataStreams: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

AlternateDataStreams: C:\ProgramData\TEMP:93C2F41D
Duplicate Cleaner Free 3.2.4 (HKLM\...\Duplicate Cleaner Free) (Version: 3.2.4 - DigitalVolcano Software Ltd) <==== ATTENTION
SearchScopes: HKLM - {0EF3D5EE-B833-43EC-8265-E0B5C71D50AB} URL = http://www.google.com/search?source...
SearchScopes: HKCU - {0EF3D5EE-B833-43EC-8265-E0B5C71D50AB} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll No File
C:\Users\Indy\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Google Update) - C:\Users\Indy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Indy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
C:\Users\Indy\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
C:\Users\Public\SlingPlayer-2.0.4-Setup.exe
R2 SpotfluxConnectionManager; C:\Program Files\Spotflux\services\SpotfluxConnectionManager.exe [93184 2014-07-11] (Microsoft) [File not signed]
R2 SpotfluxUpdateService; C:\Program Files\Spotflux\services\SpotfluxUpdateService.exe [20992 2014-07-11] (Microsoft) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R0 Achernar; C:\windows\System32\Drivers\Achernar.sys [18432 2007-02-05] (NewSoft Technology Corporation) [File not signed]
S3 CoachUsb; C:\windows\System32\DRIVERS\CoachUsb.sys [50368 2007-06-27] (FotoNation Inc.) [File not signed]
S3 CoachVid; C:\windows\System32\DRIVERS\CoachVid.sys [45344 2007-06-27] (FotoNation Inc.) [File not signed]



#14
August 20, 2014 at 02:14:01
ESET... I copied and pasted:

# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=19736
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-19 11:47:07
# local_time=2014-08-20 06:47:07 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3081 16777213 100 100 10678640 42466069 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 30462486 160123218 0 0
# scanned=233308
# found=1
# cleaned=1
# scan_time=7078
sh=D12F2B7B95F3EB52E57E5E034F4315F4716670FF ft=1 fh=fa0e3acfd523f7f9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Indy\Downloads\ccsetup415.exe"


Report •
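
The appended-log behaviour discussed in posts #9 to #14, as an added example that is not part of the original thread or ESET's own tooling: a Python sketch that splits a running ESET Online Scanner log into individual scans and returns the most recent one. The sample log and its values are constructed, and treating a `#` header line that follows `# scan_time=` as the start of a new scan is an assumption drawn from the layout of the log posted here.

```python
import re
from datetime import datetime

# Constructed sample in the same layout as the log posted in this thread:
# two appended scans, the second one carrying a single detection line.
SAMPLE_LOG = r'''# version=8
# engine=11111
# utc_time=2014-06-01 04:21:17
# found=0
# scan_time=16449
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# engine=22222
# utc_time=2014-08-19 11:47:07
# found=1
# scan_time=7078
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="Win32/Example.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\example\Downloads\setup.exe"
'''

HEADER = re.compile(r'^# (\w+)=(.*)$')      # "# key=value" metadata line
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def split_sessions(text):
    """Split an appended ESET Online Scanner log into one dict per scan."""
    sessions, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            # Assumption: a header line seen after scan_time opens a new scan.
            if cur is None or 'scan_time' in cur['meta']:
                cur = {'meta': {}, 'detections': []}
                sessions.append(cur)
            cur['meta'][m.group(1)] = m.group(2).strip('\'"')
        elif cur is not None and line.startswith('sh='):
            cur['detections'].append(
                {k: v.strip('"') for k, v in FIELD.findall(line)})
    return sessions

def latest_scan(text):
    """Return the scan with the most recent utc_time, or None if there is none."""
    stamp = lambda s: datetime.strptime(s['meta']['utc_time'], '%Y-%m-%d %H:%M:%S')
    dated = [s for s in split_sessions(text) if 'utc_time' in s['meta']]
    return max(dated, key=stamp, default=None)

if __name__ == '__main__':
    scan = latest_scan(SAMPLE_LOG)
    print(scan['meta']['utc_time'], 'found =', scan['meta']['found'], scan['detections'])
```

Selecting by `utc_time` rather than by position means the newest scan is picked even if the file was pasted out of order.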

#15
August 20, 2014 at 02:56:46
Something went wrong. I restarted and the computer said it could not start windows. I attempted startup repair, but it failed. I'm now attempting a restore from 8/19. It has been working on that for a while...


#16
August 20, 2014 at 03:24:40
Since the Farbar program had not been closed yet, I just pasted the info provided and created the Notepad file. Then clicked fix. Should I have closed the program and reopened it again? Or does that matter? Still waiting on restore.


#17
August 20, 2014 at 03:34:24
"Then clicked fix"
As long as the Notepad file was on the Desktop, which is where the Farbar file is, that was correct.


#18
August 20, 2014 at 03:41:26
Other than the computer being a little slower on its first restart, it seems to be operating fine. However, I somehow didn't save the file like I thought I had. Strange. Should I re-do? I've created the file in Notepad and confirmed it is on the desktop.

message edited by Bangkokindy



#19
August 20, 2014 at 03:44:42
"Should I re-do?"
No.

Let me have a look at the OTL logs please.

Download OTL, save & run from your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Too...
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
1: When the window appears, underneath Output at the top, make sure Standard output is selected.
2: Select Scan all users
3: Change Drivers to All
4: Under the Extra Registry section, check Use SafeList
5: In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
6: Click Run Scan and let the program run uninterrupted.
Screenshots ( SS ) of 1 - 6
http://i.imgur.com/rvTDUlL.gif
When the scan is complete, two text files will be created on your Desktop
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/



#20

#21
August 20, 2014 at 04:13:50
✔ Best Answer
OTL logs look good.

Just a bit of cleaning up to do.

Have posted the Wise cleaning instructions again, just in case you need them.

Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Run both of these, in this order.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif



#22
August 20, 2014 at 04:17:54
Ok will do. Anything else or all good for now?


#23
August 20, 2014 at 04:20:54
Tell me if you have your speed back & nothing unusual going on after doing the above. We still can run stronger tools if needed.


#24
August 20, 2014 at 04:58:30
It seems to be working normally now. I am downloading the Comodo virus signatures. I think some of those were lost due to the restore.


#25
August 20, 2014 at 05:03:06
"It seems to be working normally now"
Ok.


#26
August 20, 2014 at 05:23:15
Yep, thanks again for your help! Enjoy your evening.
