Solved 1 site blocked sears.com all of a sudden

February 22, 2014 at 09:59:13
Specs: Windows 7
All of a sudden I get a call from sears.com, about a purchase I didn't make!! I said cancel it, and I canceled my c/c but sears.com, I can't get into it, gets rejected with Firefox, or error 403 on IE


✔ Best Answer
March 1, 2014 at 07:15:50
Just 2 issues left Jim. We got rid of 8 others that ZHPDiag identified.

1. Close all applications

2. Select and copy all of the text below.

Script ZHPFix
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\mkdganzr.default-1393085853367\prefs.js (.not file.)

3. ZHPDiag created a shortcut on your desktop called ZHPFix, launch ZHPFix. (For Windows 7, right-click to run as admin. Answer yes if you get an enquiry as to whether you want to run it or not.)

4. Click on the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean.

6. Confirm by clicking OK.

7. ZHPFix will ask if you wish to empty the bin, click on your choice...it may take time.

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste into your reply.

message edited by Johnw
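
The ZHPFix script above targets the `ProxyOverride` value, and the Rkill log later in the thread reports deleting `ProxyOverride`, `ProxyServer` and `AutoConfigURL`. As an added example (not part of the original posts and not code from ZHPDiag, Rkill or AdwCleaner), this Python script audits those settings in a registry export and in a Firefox `prefs.js`. The sample export, the sample prefs and all function names are constructed for illustration.

```python
import re

# Per-user WinINET proxy settings live under this key; ProxyOverride is the
# value the ZHPFix script targets, and ProxyServer / AutoConfigURL are the
# other values the Rkill log reports deleting.
WININET_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
               r"\CurrentVersion\Internet Settings")

def parse_reg(text):
    """Parse decoded .reg text into {key_lower: {value_name_lower: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue
        name, data = m.group(1).lower(), m.group(2)
        if data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            # .reg strings escape backslash and double quote with a backslash
            current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return keys

def _has_loopback_host(server):
    """True if any entry of a ProxyServer string points at this machine."""
    for part in server.split(";"):
        host = part.split("=", 1)[-1].strip().rsplit(":", 1)[0].lower()
        if host in ("localhost", "[::1]") or host.startswith("127."):
            return True
    return False

def wininet_findings(reg):
    """Return (value name, data, reason) for each proxy setting worth review."""
    s = reg.get(WININET_KEY.lower(), {})
    out = []
    if s.get("proxyenable") == 1:
        out.append(("ProxyEnable", 1, "system proxy is switched on"))
    server = s.get("proxyserver", "")
    if server:
        where = ("a proxy on loopback (a local process)"
                 if _has_loopback_host(server) else "a remote proxy")
        out.append(("ProxyServer", server, "traffic is sent to " + where))
    override = s.get("proxyoverride", "")
    if "<-loopback>" in [t.strip().lower() for t in override.split(";")]:
        out.append(("ProxyOverride", override,
                    "default loopback bypass removed (flagged by ZHPDiag here)"))
    if s.get("autoconfigurl"):
        out.append(("AutoConfigURL", s["autoconfigurl"],
                    "a PAC script decides where traffic goes"))
    return out

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')
FIREFOX_PROXY_TYPES = {1: "manual proxy", 2: "proxy auto-config (PAC) URL"}

def firefox_findings(prefs_text):
    """Flag profile-level proxy prefs; works on prefs.js and on user.js,
    which Firefox re-applies over prefs.js at every start."""
    prefs = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    ptype = prefs.get("network.proxy.type")
    if ptype not in FIREFOX_PROXY_TYPES:
        return []
    out = [("network.proxy.type", ptype, FIREFOX_PROXY_TYPES[ptype])]
    for name in sorted(prefs):
        if name.startswith("network.proxy.") and name != "network.proxy.type":
            out.append((name, prefs[name], "proxy target set in the profile"))
    return out

# Constructed sample inputs (not taken from the poster's machine).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:8877;https=127.0.0.1:8877"
"ProxyOverride"="<-loopback>"
"""
SAMPLE_PREFS = """user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8877);
user_pref("network.proxy.type", 1);
"""

if __name__ == "__main__":
    for f in wininet_findings(parse_reg(SAMPLE_REG)) + firefox_findings(SAMPLE_PREFS):
        print("%-26s %-45r %s" % f)
```

Files exported by regedit are UTF-16, so decode them with `encoding="utf-16"` before passing the text to `parse_reg`.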



#1
February 22, 2014 at 12:41:52
You are infected.

Download OTL, save & run from your Desktop.
http://oldtimer.geekstogo.com/OTL.exe
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
1: When the window appears, underneath Output at the top, make sure Standard output is selected.
2: Select Scan all users
3: Change Drivers to All
4: Under the Extra Registry section, check Use SafeList
5: In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
6: Click Run Scan and let the program run uninterrupted.
Screenshots ( SS ) of 1 - 6
http://i.imgur.com/rvTDUlL.gif
When the scan is complete, two text files will be created on your Desktop
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

Upload the logs using this. I upload to Imgur.com for images & load.to for files ( neither need an account ) Give us the links please.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif



#2
February 22, 2014 at 15:46:55
I have Mcafee, I ran a full scan, nothing showed, so infected by what???


#3
February 22, 2014 at 18:02:52
"I ran a full scan"
Once you are infected with today's malware, your AV cannot help you, special programs are needed.

"so infected by what???"
No idea at this stage, trillions out there, that is why I need the OTL logs.



#4
February 23, 2014 at 05:06:23
sent the logs Sat evening.

Thanks for all the help!!



#5
February 23, 2014 at 13:48:53
"sent the logs Sat evening"
Need the links.

Free file sharing sites come & go, if Imgur.com & load.to are too busy ( or not working ) here are others to try.
free file upload no account needed
http://is.gd/ije9W6
http://www.filedropper.com/index.php
http://www.wikisend.com/
https://www.speedyshare.com/
https://www.sendspace.com/
http://www.megafileupload.com/



#6
February 23, 2014 at 14:53:53


#7
February 23, 2014 at 16:10:14
Whew, that's by far the biggest OTL log I have ever seen.

We need to clean your comp step by step.

Run both of these, in this order.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#8
February 23, 2014 at 16:56:12
# AdwCleaner v3.019 - Report created 23/02/2014 at 19:50:06
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : User - HP
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : hlnfd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard
Folder Deleted : C:\Program Files (x86)\BrowserSafeguard
Folder Deleted : C:\Program Files (x86)\Kozaka
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Users\User\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\User\AppData\Local\genienext
Folder Deleted : C:\Users\User\AppData\Local\Mobogenie
Folder Deleted : C:\Users\User\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\User\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\User\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\User\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\User\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\User\Documents\Mobogenie
Folder Deleted : C:\Users\User\Documents\optimizer pro
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8i7kc2ot.default-1391621471204\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Deleted : C:\END
File Deleted : C:\Users\User\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8i7kc2ot.default-1391621471204\searchplugins\conduit-search.xml
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8i7kc2ot.default-1391621471204\user.js
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\mkdganzr.default-1393085853367\user.js
File Deleted : C:\WINDOWS\System32\Tasks\GoforFilesUpdate
File Deleted : C:\WINDOWS\System32\Tasks\LaunchApp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [gethighlightly@gethighlightly.com]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8i7kc2ot.default-1391621471204\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6035 octets] - [23/02/2014 19:49:05]
AdwCleaner[S0].txt - [5479 octets] - [23/02/2014 19:50:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5539 octets] ##########



#9
February 23, 2014 at 17:06:59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by User on Sun 02/23/2014 at 19:57:51.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{94ABB986-B9B9-48EF-8863-F360491B5C7F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{94ABB986-B9B9-48EF-8863-F360491B5C7F}

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{4420A863-AB84-4E8B-959A-2301A16F127E}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{A620482F-B725-44D4-A57D-CA1AA560CD69}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/23/2014 at 20:05:05.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10
February 23, 2014 at 17:08:41
another question, if I may ask, I'm running a wired/wireless, my laptop is wireless, but when I do a restart, network doesn't connect, but if I shut down and restart, then it connects, any ideas as to the problem??


#11
February 23, 2014 at 17:40:49
"another question, if I may ask, I'm running a wired/wireless, my laptop is wireless, but when I do a restart, network doesn't connect, but if I shut down and restart, then it connects, any ideas as to the problem??"

Has it always been that way?

Regardless, I shall finish the clean up first. Always a good basis for fixing other problems.



#12
February 23, 2014 at 17:41:32
1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your Desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log in your next post please. Let me know if it doesn't produce a log.

2: Reboot

3: Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please. Note how to avoid the trial period.
If you can't find the log, do a search for malwarebytes or look in here.
C:\Users\Pete\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Replace Pete with the User's name.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://i.imgur.com/3DtG68Y.gif
http://www.malwarebytes.org/mbam.php
Make sure you Uncheck > Enable free trial at the End of the install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken". That's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...



#13
February 24, 2014 at 06:15:19
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 02/24/2014 09:05:51 AM
Windows Version: Windows 8

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 264212 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 340 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 47618 files processed.

The C:\Users\User\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoRun policy was found and deleted!
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Program finished at: 02/24/2014 09:10:46 AM
Execution time: 0 hours(s), 4 minute(s), and 54 seconds(s)



#14
February 24, 2014 at 06:38:13
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.24.04

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
User :: HP [administrator]

2/24/2014 9:19:18 AM
mbam-log-2014-02-24 (09-19-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223690
Time elapsed: 8 minute(s), 53 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\FindRight\updateFindRight.exe (PUP.Optional.FindRight.A) -> 1900 -> Delete on reboot.
C:\Program Files (x86)\FindRight\bin\utilFindRight.exe (PUP.Optional.FindRight.A) -> 1068 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 17
HKLM\SYSTEM\CurrentControlSet\Services\Update FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Util FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{2c774641-5504-46a8-b63f-6715ae3fe376} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{c638abe2-47da-4351-b170-e6a673d25ca3} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCR\Interface\{4CCADDA1-60AD-48AA-97C2-FA892D2499FB} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C774641-5504-46A8-B63F-6715AE3FE376} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{e1578e0c-7554-4980-a160-d0f4f7d8af47} (PUP.Optional.PursuePoint.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8a849661-dfec-4c8f-acf6-5dea14abdab3} (PUP.Optional.PursuePoint.A) -> Quarantined and deleted successfully.
HKCR\Interface\{3C34D780-67A3-4E14-9001-5D9E4CE42F48} (PUP.Optional.PursuePoint.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1578E0C-7554-4980-A160-D0F4F7D8AF47} (PUP.Optional.PursuePoint.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E1578E0C-7554-4980-A160-D0F4F7D8AF47} (PUP.Optional.PursuePoint.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1578E0C-7554-4980-A160-D0F4F7D8AF47} (PUP.Optional.PursuePoint.A) -> Quarantined and deleted successfully.
HKCU\Software\FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\Software\FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: 1_di_sk_g_s_us_win8pt1_ff_0_0000-0000 -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files (x86)\FindRight (PUP.Optional.FindRight.A) -> Delete on reboot.
C:\Program Files (x86)\FindRight\bin (PUP.Optional.FindRight.A) -> Delete on reboot.
C:\Program Files (x86)\FindRight\bin\plugins (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\1H1Q\Aff Packages (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.

Files Detected: 56
C:\Program Files (x86)\FindRight\updateFindRight.exe (PUP.Optional.FindRight.A) -> Delete on reboot.
C:\Program Files (x86)\FindRight\bin\utilFindRight.exe (PUP.Optional.FindRight.A) -> Delete on reboot.
C:\Program Files (x86)\FindRight\FindRightBHO.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3680880587-3030169955-2048887066-1001\$RS1JBS4.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsaEDF9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsb2243.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsd3595.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nseEB0A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsjBD52.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsk20B4.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsk528C.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsl54FE.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nslE63.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsm10D5.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsn2542.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nspC07F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsu9D42.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsw23B3.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsxBAA1.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsy435E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nszB25.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\toolbar1554009437.exe (PUP.Optional.Kozaka.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\uninstall1554296359.exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\is1242154493\60503784_stp\FindRightSetup.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsb9D64\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\nsnC30E\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\Happy_Birthday_Certificate.PDF_downloader(1).exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\Happy_Birthday_Certificate.PDF_downloader.exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\Skype_Setup.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\TVSetup.exe (PUP.Optional.ToolBarInstaller.A) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\Updater_Setup.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\User\Local Settings\Temporary Internet Files\IE\8FOJXW0N\Setup[1].exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Users\User\Local Settings\Temporary Internet Files\IE\GMOJ8250\sp-downloader[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\User\Local Settings\Temporary Internet Files\IE\GMOJ8250\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\User\Local Settings\Temporary Internet Files\IE\JMFTW4XG\Setup[1].exe (PUP.Optional.PursuePoint.A) -> Quarantined and deleted successfully.
C:\Users\User\Local Settings\Temporary Internet Files\IE\JMFTW4XG\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\User\Local Settings\Temporary Internet Files\IE\V9OS2Y3L\OptimizerPro[1].exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\User\Local Settings\Temporary Internet Files\IE\V9OS2Y3L\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\User\Local Settings\Temporary Internet Files\IE\VPF9CHVI\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\User\Local Settings\Temporary Internet Files\IE\VZ97GTJY\Setup[1].exe (PUP.Optional.Kozaka.A) -> Quarantined and deleted successfully.
C:\Users\User\Local Settings\Temporary Internet Files\IE\VZ97GTJY\SPIdentifierImpl[1].exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\FindRight.ico (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\0 (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\7za.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\FindRightUninstall.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\updateFindRight.InstallState (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\FindRight.BrowserFilter.Helper.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\FindRight.BrowserFilter.Helper.dll.old.7aac9f59-1bb3-4977-93a2-5fd222bd9875 (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\FindRightBrowserFilter.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\sqlite3.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\utilFindRight.InstallState (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\plugins\FindRight.BrowserFilter.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\plugins\FindRight.BrowserFilterG.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\plugins\FindRight.FFUpdate.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\plugins\FindRight.IEUpdate.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.

(end)



#15
February 24, 2014 at 14:36:19
"Memory Processes Detected: 2
C:\Program Files (x86)\FindRight\updateFindRight.exe (PUP.Optional.FindRight.A) -> 1900 -> Delete on reboot.
C:\Program Files (x86)\FindRight\bin\utilFindRight.exe (PUP.Optional.FindRight.A) -> 1068 -> Delete on reboot"

Just to make sure, you have rebooted haven't you?



#16
February 24, 2014 at 14:38:38
Please download Rkill from any one of these links and save it to your Desktop. Copy & Paste the contents of the log in your reply.
http://www.technibble.com/rkill-rep...
Rkill.com
http://download.bleepingcomputer.co...
Rkill.scr
http://download.bleepingcomputer.co...
Rkill.pif
http://download.bleepingcomputer.co...
Now double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Do NOT reboot your machine. Each time you reboot, Rkill is disabled and you would have to run it again in order for it to be effective.

Run TDSSKiller. Copy & Paste the contents of the log in your next post please.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://usa.kaspersky.com/downloads/...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
If TDSS doesn't run, use FixTDSS
http://www.symantec.com/content/en/...
Download FixTDSS and save it to your Desktop.
Double click on the FixTDSS.exe icon to run it.
Click the "I Accept" button, then the "Proceed" button to begin
The tool will restart your computer automatically - click OK to allow it to do so
The tool will begin its scan on reboot > click "run" to begin
It will report if an infected MBR is found > click the "repair" button
If you do not specify a full pathname, TDSSKiller will save the log in the same folder that the executable resides in.



#17
February 24, 2014 at 14:52:55
John, I've rebooted several times, I re ran malware, and nothing found 2nd time..

John, thanks so much for all your help. Wow I see you are one smart guy!!! :-)

message edited by diamondman



#18
February 24, 2014 at 15:05:39
Error 413, file too large, so now what?

Zip it?



#19
February 24, 2014 at 15:12:24
"John, I've rebooted several times, I re ran malware, and nothing found 2nd time.."
Nice work diamondman.


#20
February 24, 2014 at 15:14:16
"Error 413, file too large, so now what?"
Break it up into pieces & post 3 or 4 pieces, whatever it takes.


#21
February 24, 2014 at 15:22:05
how about image uploader???

and TDSS Fix Tool 2.13

MBR Check Failed. Error c0000bb
no inf found..



#22
February 24, 2014 at 15:24:05
rkill.txt sent via image uploader.. if that doesn't work, I can break it into parts.


#23
February 24, 2014 at 15:25:37
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 02/24/2014 05:54:04 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Active Proxy Server Detected

* Proxy Disabled.
* ProxyOverride value deleted.
* ProxyServer value deleted.
* AutoConfigURL value deleted.
* Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

* No issues found in the Registry.

Backup Registry file created at:
C:\Users\User\Desktop\rkill\rkill-02-24-2014-05-54-11.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Reparse Point/Junctions Found (These may be legitimate)!



Report •

#24
February 24, 2014 at 15:26:30

Report •

#25
February 24, 2014 at 15:26:32
"how about image uploader???"
Yep, doesn't matter which way I get it.

Report •

#26
February 24, 2014 at 15:27:23


#27
February 24, 2014 at 15:40:26
ok, sent via image uploader, hope you get it, was trying copy & paste, but too much.. sorry about all of that..


#28
February 24, 2014 at 15:49:54
"ok, sent via image uploader, hope you get it, was trying copy & paste, but too much.. sorry about all of that.."
Need the links.


#29
February 24, 2014 at 16:15:01
John,

Hopefully,

This will work:

http://depositfiles.com/files/9xn7k...



#30
February 24, 2014 at 16:35:44
"Hopefully,

This will work:"
Yep, got it, like everything with computers, care was needed, they wanted me to download stuff I did not want.

Now waiting on the TDSSKiller log.



#31
February 24, 2014 at 16:48:44
TDSS came back with an error, as I mentioned..

TDSS Fix Tool 2.13

MBR Check Failed. Error c0000bb
no inf found..



#32
February 24, 2014 at 16:56:27
Ok, didn't understand that message. Name didn't tie in with the download name.

Try the download from here.

You did right click & Run as Administrator?

http://support.kaspersky.com/downlo...



#33
February 25, 2014 at 05:23:32

John.

Here's the link for tdsskiller txt file

tdsskiller.txt
http://www61.zippyshare.com/v/90993000/file.html



#34
February 25, 2014 at 05:56:28
"Here's the link for tdsskiller txt file"
Got it, Zippy worked well this end.

Are you still online?

I was just about to go to bed, will stay up if you are available..



#35
February 25, 2014 at 06:26:29
Looks like you are not available, off to bed for me.

I'm now going to start a clean up process. Report on what happens for each step please.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif



#36
February 25, 2014 at 07:00:58
yes I am only about 10 A.M. here on the East Coast of USA :-)


#37
February 25, 2014 at 07:22:31
ran the first 2, cleaned up a bunch of files, didn't run the 3rd as I didn't want to remove Windows install files..


#38
February 25, 2014 at 13:46:42
I'm here.
http://www.timeanddate.com/worldclo...


#39
February 25, 2014 at 13:47:26
Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


#40
February 25, 2014 at 13:50:05
Thanks John,

I did find one thing, with Chrome, and IE, it has it default to a proxy, so I turned that off.. wonder if that is part of the problem..

Thanks for all your help!!!



#41
February 25, 2014 at 14:04:47
"default to a proxy"
Good find, the infection changed that.


#42
February 25, 2014 at 14:10:43
How to Check Hosts Files, DNS and Proxy Settings for Normal Internet Access after Malware Infection

http://www.dotfab.com/resources/how...


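A read-only way to run the checks named in the title of post #42 (hosts file, DNS and proxy settings) and raised in posts #40 and #41, as an added PowerShell example that is not part of the original thread. The function names are made up for this example, and it assumes Windows 8 or later for Get-DnsClientServerAddress.

```powershell
# Added example: read-only audit of proxy, hosts and DNS settings after a cleanup.
# Function names are hypothetical; nothing here changes the system.

function Get-InetProxySetting {
    # WinINet proxy values used by Internet Explorer and, by default, Chrome.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $s) { continue }
        # ProxyServer is "host:port" or "http=host:port;https=host:port".
        $loopback = "$($s.ProxyServer)" -match '(^|=)(127\.|localhost|\[?::1\]?)'
        [pscustomobject]@{
            Hive             = $hive
            ProxyEnable      = $s.ProxyEnable
            ProxyServer      = $s.ProxyServer
            ProxyOverride    = $s.ProxyOverride
            AutoConfigURL    = $s.AutoConfigURL
            PointsToLoopback = $loopback
            # An enabled proxy or a PAC URL the user did not set needs a look.
            NeedsReview      = ($s.ProxyEnable -eq 1) -or [bool]$s.AutoConfigURL
        }
    }
}

function Get-FirefoxProxyPref {
    # Firefox keeps its own proxy settings in each profile's prefs.js.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    Get-ChildItem -Path (Join-Path $profiles '*\prefs.js') -ErrorAction SilentlyContinue |
        Select-String -Pattern 'user_pref\("network\.proxy\.' |
        ForEach-Object {
            [pscustomobject]@{ File = $_.Path; Pref = $_.Line.Trim() }
        }
}

function Get-HostsEntry {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    Get-Content -Path $Path -ErrorAction SilentlyContinue |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |   # drop comments
        Where-Object { $_ } |                                  # drop empty lines
        ForEach-Object {
            $parts = $_ -split '\s+'
            # One address can map several names; emit one row per name.
            foreach ($name in ($parts | Select-Object -Skip 1)) {
                [pscustomobject]@{
                    Address     = $parts[0]
                    Name        = $name
                    # Anything other than a localhost mapping deserves a look.
                    NeedsReview = ($name -notin 'localhost', 'localhost.localdomain')
                }
            }
        }
}

function Get-DnsServerInUse {
    # Requires Windows 8 / Server 2012 or later.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, ServerAddresses
}

'--- WinINet proxy (IE / Chrome) ---'
Get-InetProxySetting | Format-List
'--- WinHTTP proxy ---'
netsh winhttp show proxy
'--- Firefox proxy prefs ---'
Get-FirefoxProxyPref | Format-Table -AutoSize -Wrap
'--- hosts entries ---'
Get-HostsEntry | Format-Table -AutoSize
'--- DNS servers ---'
Get-DnsServerInUse | Format-Table -AutoSize
```

Rows with NeedsReview set to True are prompts for a manual look, not verdicts: a proxy or extra hosts entry can be legitimate on a managed network.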

#43
February 25, 2014 at 14:25:05
After doing the above ( TFC & post #42 )

Download the new version of Junkware Removal Tool, run again & post the log.



#44
February 25, 2014 at 15:20:18
Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: Public

User: User
->Temp folder emptied: 7265456 bytes
->Temporary Internet Files folder emptied: 27471292 bytes
->Java cache emptied: 293000 bytes
->FireFox cache emptied: 112277090 bytes
->Google Chrome cache emptied: 24847307 bytes
->Flash cache emptied: 2657 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes


#45
February 25, 2014 at 15:39:39
John,

A few hrs ago, I did see that IE & Chrome had been set for a proxy, I turned them off, so now I wonder if all is okay.

Thanks for everything!!!

Jim



#46
February 25, 2014 at 15:46:45
" I turned them off"
Refer my post #42

"I wonder if all is okay"
Waiting for the new scan log, refer my post #43

message edited by Johnw



#47
February 25, 2014 at 16:03:41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by User on Tue 02/25/2014 at 19:05:32.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/25/2014 at 19:12:57.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

message edited by diamondman



#48
February 25, 2014 at 16:14:43
"and junk tool is where???"
Refer post #7


#49
February 25, 2014 at 16:21:34
did it, log above


#50
February 25, 2014 at 16:23:56
Jim, I'm pretty sure something is still lurking.

Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#51
February 25, 2014 at 17:53:53
thanks John, will do..

Will let you know.. probably be tomorrow sometime..



#52
February 26, 2014 at 09:42:41
F:\fullbu82713\system backup 82713\1_C.zip a variant of Win32/HiddenStart.A potentially unsafe application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 142.zip a variant of Win32/PriceGong.A potentially unwanted application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 20.zip a variant of Win32/Toolbar.Conduit.P potentially unwanted application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 25.zip Win32/bProtector.E potentially unwanted application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 31.zip Win32/Adware.Yontoo application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 39.zip a variant of Win32/Toolbar.Babylon.C potentially unwanted application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 40.zip a variant of Win32/InstallCore.W potentially unwanted application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 41.zip a variant of Win32/InstallIQ.A potentially unwanted application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 42.zip a variant of Win32/Toolbar.Zugo potentially unwanted application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 43.zip Win32/CasOnline potentially unwanted application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 44.zip Win32/Toolbar.Conduit.Q potentially unwanted application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 51.zip a variant of Win32/Toolbar.Conduit.P potentially unwanted application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 54.zip Win32/Adware.Yontoo application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 57.zip Win32/Toolbar.Zugo potentially unwanted application
F:\JIM-HP\Backup Set 2013-03-02 102257\Backup Files 2013-03-02 102257\Backup files 58.zip a variant of Win32/CasOnline.F potentially unwanted application
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe a variant of Win32/AdWare.Adpeak.D application cleaned by deleting - quarantined
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe a variant of Win64/Adware.Adpeak.C application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\SavingsBull\bootstrap.js.old Win32/AdWare.Adpeak.B application cleaned by deleting - quarantined
C:\temp\t.msi Win32/AdWare.Adpeak.B application deleted - quarantined
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\bootstrap.js Win32/AdWare.Adpeak.B application cleaned by deleting - quarantined
C:\Users\User\Downloads\12-30-13-files.zip Win32/Toolbar.Zugo potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\7zip-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\AcrobatReaderSetup.exe a variant of Win32/InstallCore.JO potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\cbsidlm-cbsi183-Wise_Disk_Cleaner-BP-10613345.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\fyzip-setup(1).exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\fyzip-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\googlechrome-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\WinZip180.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
C:\Users\User\SkyDrive\Documents\12-30-13-files\Desktop\yu2011setupcnet7.3.2011.2.exe Win32/Toolbar.Zugo potentially unwanted application deleted - quarantined
C:\Windows\Installer\31221f5.msi Win32/AdWare.Adpeak.B application deleted - quarantined


#53
February 26, 2014 at 12:07:49
Download ComboFix to your Desktop & then run. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual."

If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


#54
February 26, 2014 at 13:16:22
none of those work with Windows 8, last one, in Spanish, I downloaded, and got this!!

from this website.

Artemis!B8439C47B5C8

message edited by diamondman



#55
February 26, 2014 at 13:20:13
ComboFix 14.2.24.2

from http://www.bleepingcomputer.com/dow... does not work on windows 8...



#56
February 26, 2014 at 13:28:01
"none of those work with Windows 8"
Correct.

Gets hard to stay focused over a long period of time, did remember ( once you jogged my memory ) that your logs contradicted your specs.
"diamondman February 22, 2014 at 09:59:13
Specs: Windows 7"

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.




#57
February 26, 2014 at 15:35:59
RogueKiller V8.8.9 _x64_ [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 02/26/2014 18:34:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : PCShowServer (C:\Users\User\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe [7]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : MaxDownloadMgr ("C:\Users\User\AppData\Local\Temp\Stp9938_TMP.EXE" [x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3680880587-3030169955-2048887066-1001\[...]\Run : PCShowServer (C:\Users\User\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe [7]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-3680880587-3030169955-2048887066-1001\[...]\Run : MaxDownloadMgr ("C:\Users\User\AppData\Local\Temp\Stp9938_TMP.EXE" [x]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 9a754a71e6e065a285499164323282f2
[BSP] 8f6ba83e3a4397953ace84dcba87b5ef : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_02262014_183416.txt >>
RKreport[0]_S_02262014_183231.txt



#58
February 26, 2014 at 15:57:56
Run Junkware Removal Tool again please.


#59
February 27, 2014 at 05:33:16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by User on Thu 02/27/2014 at 8:25:05.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\getrighttogo"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/27/2014 at 8:32:11.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#60
February 27, 2014 at 13:38:10
Run OTL again please Jim.


#61
February 27, 2014 at 18:09:28
ok will do John..


#62
February 27, 2014 at 18:13:43
a bit worried though John, McAfee blocked it.. why is that???

http://oldtimer.geekstogo.com/OTL.exe



#63
February 27, 2014 at 18:36:25
"a bit worried though John, McAfee blocked it.. why is that???"
It's an exe Jim, a very big source of nasties, your settings on McAfee are reporting a false positive.
Normally you get a small window to allow or give permission, if not you have to go into your settings.

You have used OTL previously.



#64
February 28, 2014 at 04:56:42
here's the link to the log:

OTL.Txt
http://depositfiles.com/files/mrg3a6yr9



#65
February 28, 2014 at 11:21:28
"here's the link to the log"
Thanks Jim.

We are now very, very close to the finish line.

1. Download ZHPDiag from one of these links.
http://en.kioskea.net/download/diag...
http://en.kioskea.net/download/down...
http://telechargement.zebulon.fr/te...
Screenshots ( SS ) How to install.
http://i.imgur.com/bzQcspa.gif
http://i.imgur.com/Hs29C2s.gif
http://i.imgur.com/BTjebOK.gif
http://i.imgur.com/87sQnNO.gif
http://i.imgur.com/z0YGy5b.gif
http://i.imgur.com/lU7mHna.gif
http://i.imgur.com/o0dE8Lz.gif

(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, right-click to ensure you execute with admin rights)

The tool creates two icons ZHPDiag and ZHPFix.

4. Double click on the shortcut ZHPDiag on your Desktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English.

6. Click on the "Configure" button.

7. Click on the Magnifying glass "Default diagnosis with legitimate".

8. Click on "Search" and answer yes if a message appears.

Wait for the tool to finish (maybe a long time). A ZHPDiag log will be on the Desktop.



#66
February 28, 2014 at 12:40:38
ok, got it to run, here's the log on it:

ZHPDiag.txt
http://depositfiles.com/files/kmgrgynvz

message edited by diamondman



#67
February 28, 2014 at 12:52:45
Thanks again John, you've been a GREAT help!!!

I appreciate all your hard work!!!

Wow, never knew I could have such a problem.. I thought I was computer savvy, see I'm not..



#68
February 28, 2014 at 15:06:49
Jim, we still have proxy being hijacked, I wasn't going to post this until the finish, but best you read it now, so you understand how you got all this stuff.

As you can see from your logs, you had a lot of stuff installed, that you did not know had been installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.
I use Softpedia, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/CD-DVD...
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshots ) of above
http://i.imgur.com/CSBplyA.gif
http://i.imgur.com/3eWWoXm.gif

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic )
http://dottech.org/23420/cnet-crapw...

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://unchecky.com/
How to download from Softpedia
http://i.imgur.com/iZ3Fzmc.gif
http://i.imgur.com/NNgm1rF.gif
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#69
February 28, 2014 at 15:22:09
After reading my post #68 & installing Unchecky, I want you to run these in the order 1 - 5.

Jim, I use this every day, multi times on every comp I work on.

1: Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif

2: Run AdwCleaner again.

3: Run Junkware Removal Tool again.

4: Run Malwarebytes' Anti-Malware ( MBAM ) again.

5: Run ZHPDiag again.

message edited by Johnw



#70
February 28, 2014 at 15:24:55
Will do John,

And I always use custom, as I don't like the junk being added on me



#71
February 28, 2014 at 15:49:32
Forgot to remind you.

2: Run AdwCleaner again. ( Make sure it is the latest version.)

3: Run Junkware Removal Tool again. ( Make sure it is the latest version.)

4: Run Malwarebytes' Anti-Malware ( MBAM ) again. ( Update before running )



#72
March 1, 2014 at 06:03:29
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.24.04

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
User :: HP [administrator]

3/1/2014 8:55:52 AM
mbam-log-2014-03-01 (08-55-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217454
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Detected: 1
C:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe (PUP.Optional.SavingsBull.A) -> 4872 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKLM\SYSTEM\CurrentControlSet\Services\SavingsbullFilterService64 (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKCU\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> Delete on reboot.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0 (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

Files Detected: 27
C:\Users\User\AppData\Local\Temp\NODBD6E.tmp (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
C:\Program Files\SavingsbullFilter\sample.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsbullFilter\Installbat64.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsbullFilter\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsbullFilter\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsbullFilter\nfapi.dll (PUP.Optional.SavingsBull.A) -> Delete on reboot.
C:\Program Files\SavingsbullFilter\nfregdrv.exe (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsbullFilter\ProtocolFilters.dll (PUP.Optional.SavingsBull.A) -> Delete on reboot.
C:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe (PUP.Optional.SavingsBull.A) -> Delete on reboot.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\background.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon128.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon16.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon32.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon48.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon64.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon8.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\manifest.json (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\marcopolo.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsBull\CustomActionInstall (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsBull\CustomActionUninstall (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsBull\ff_main.js.old (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsBull\IEOptimizer.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsBull\IEOptimizer64.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsBull\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsBull\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsBull\SendJson.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsBull\uninstaller.exe (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

(end)



#73
March 1, 2014 at 06:11:26
I was just about to go to bed Jim, shall stay up now to see the rest of the logs.


#74
March 1, 2014 at 06:13:38
# AdwCleaner v3.020 - Report created 01/03/2014 at 09:09:58
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : User - HP
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8i7kc2ot.default-1391621471204\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6035 octets] - [23/02/2014 19:49:05]
AdwCleaner[R1].txt - [1696 octets] - [28/02/2014 18:31:12]
AdwCleaner[R2].txt - [1120 octets] - [01/03/2014 09:08:58]
AdwCleaner[S0].txt - [5635 octets] - [23/02/2014 19:50:06]
AdwCleaner[S1].txt - [1783 octets] - [28/02/2014 18:32:07]
AdwCleaner[S2].txt - [1042 octets] - [01/03/2014 09:09:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1102 octets] ##########



#75
March 1, 2014 at 06:19:20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by User on Sat 03/01/2014 at 9:14:43.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{04FB5291-C3D2-401A-B5AC-174930AFACD7}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{0D906A79-BC2F-4BBE-8323-DDA4857982F9}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{2DDBAA68-9DA9-49C9-8B17-D68B08E374F2}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/01/2014 at 9:18:07.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#76
March 1, 2014 at 06:24:37
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.24.04

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
User :: HP [administrator]

3/1/2014 9:20:09 AM
mbam-log-2014-03-01 (09-20-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217125
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#77
March 1, 2014 at 06:30:06
Hopefully all is fine now, John.


#78
March 1, 2014 at 06:32:42
Looking good, Jim. Refer to my post #69.

5: Run ZHPDiag again.



#79
March 1, 2014 at 06:41:50
OK, will do, John.


#80
March 1, 2014 at 06:46:40
~ Report of ZHPDiag v2014.2.23.20 - Nicolas Coolman (2/23/2014)
~ Launched by User (3/1/2014 9:42:06 AM)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps...
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16518
MFIE: Mozilla Firefox 27.0.1 (Defaut)
GCIE: Google Chrome v33.0.1750.117

---\\ Windows product information
~ Langage: Anglais
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion: Windows(R) Operating System, OEM_DM channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
ESET Online Scanner v3
McAfee Security Scan Plus v3.8.141.11
Windows Defender W8

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6036.3 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 628 GB (93%) free of 672 GB

---\\ Connection to the system mode
~ Computer Name: HP
~ User Name: User
~ All Users Names: User, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\User\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\User\AppData\Roaming\
~ %Desktop% : C:\Users\User\Desktop\
~ %Favorites% : C:\Users\User\Favorites\
~ %LocalAppData% : C:\Users\User\AppData\Local\
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 628 Go of 672 Go)
D: Hard drive, Flash drive, Thumb drive (Free 3 Go of 25 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 894 Go of 1397 Go)

---\\ State of the Windows Security Center
~ Security Center: 49 Legitimates Filtered in 00mn AMs

---\\ Search Generic System Files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Windows Explorer.) (.11/18/2013 - 8:14:17 PM.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Windows Start-Up Application.) (.8/22/2013 - 4:58:29 AM.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2/6/2014 - 4:24:52 AM.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Windows Logon Application.) (.8/22/2013 - 4:55:08 AM.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Software Licensing Library.) (.8/22/2013 - 5:39:40 AM.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.8/22/2013 - 8:25:35 AM.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.8/22/2013 - 7:43:41 AM.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.8/22/2013 - 6:40:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.8/22/2013 - 3:46:35 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.8/22/2013 - 6:38:00 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.8/22/2013 - 6:38:38 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - i8042 Port Driver.) (.8/22/2013 - 6:39:15 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.11/27/2013 - 7:02:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.11/23/2013 - 2:08:19 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.8/22/2013 - 6:37:02 AM.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - NT File System Driver.) (.8/22/2013 - 8:25:41 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Parallel Port Driver.) (.8/22/2013 - 6:40:02 AM.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.8/22/2013 - 6:35:51 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.9/29/2013 - 10:51:06 PM.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.8/22/2013 - 8:25:35 AM.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.8/22/2013 - 7:39:15 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn AMs

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/14454
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 2/2251
~ Mon Bureau (My Desktop) : 1/252
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 07mn AMs

---\\ Process running
[MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024] [PID.4156]
[MD5.43FCAD8DC068E94B170353DAD02A0053] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520] [PID.4324]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.4356]
[MD5.EBAE9EE13F51F38B57D616CF4A420682] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512] [PID.4380]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4420]
[MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904] [PID.4712]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.4720]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.4728]
[MD5.794088182E03569E9D827936EFDC4EBE] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe [805280] [PID.1868]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3416]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.3368]
[MD5.0642800E69522E29B93EF4C6BE00D13E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe [1863560] [PID.4044]
[MD5.42FEDBCB3ED926F6F529E0FDDF750BE0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3588]
~ Processes Running: Scanned in 00mn AMs

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bopakagnckmlgajfccecajhnimjiiedh] McAfee Security Scan+ v.3.8.141.12 (Désactivé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ngaeinfoeljecnggcbonnohnjpepenmb] SavingsBull v.5.0, (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 18 Legitimates Filtered in 01mn AMs

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8i7kc2ot.default-1391621471204\prefs.js
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\mkdganzr.default-1393085853367\prefs.js (.not file.)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
P2 - FPN: [HKCU] [@nds.com/PlayerPlugin] - (.COX - COX Player Plugin.) -- C:\Users\User\AppData\Local\NDS\PCShow\npPlayerPlugin.dll
P2 - FPN: [HKCU] [NDS.com/PlayerPlugin] - (.COX - COX Player Plugin.) -- C:\Users\User\AppData\Local\NDS\PCShow\npPlayerPlugin.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn AMs

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 19

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} Orphan key
~ Toolbar: Scanned in 00mn AMs

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: McAfee AntiVirus Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: TV Connect.lnk . (...) -- C:\Program Files (x86)\Cox Communications\TV Connect\TV Connect.exe
O4 - GS\Desktop [Public]: Unity.lnk . (.Unity Technologies ApS - Unity Editor.) -- C:\Program Files (x86)\Unity\Editor\Unity.exe
O4 - GS\Desktop [Public]: Wise Disk Cleaner.lnk . (.WiseCleaner.com - Wise Disk Cleaner.) -- C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe
O4 - GS\Desktop [Public]: Wise Registry Cleaner.lnk . (.WiseCleaner.com - Wise Registry Cleaner.) -- C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [User]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [User]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [User]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [User]: HP Utility Center.lnk . (.Hewlett-Packard Development Company, L.P. - HP Premium Utilities.) -- C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exe
O4 - GS\TaskBar [User]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [User]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [User]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [User]: magicJack.lnk . (.magicJack L.P. - magicJack Loader Component.) -- C:\Users\User\AppData\Roaming\mjusbsp\magicJackLoader.exe
O4 - GS\SendTo [User]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [User]: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Co
O4 - GS\Desktop [User]: magicJack.lnk . (.magicJack L.P. - magicJack Loader Component.) -- C:\Users\User\AppData\Roaming\mjusbsp\magicJackLoader.exe
~ Global Startup: 56 Legitimates Filtered in 00mn AMs

---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [cdloader] . (.magicJack L.P. - magicJack (cdloader2).) -- C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-21-3680880587-3030169955-2048887066-1001\..\Run: [cdloader] . (.magicJack L.P. - magicJack (cdloader2).) -- C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe
O4 - HKUS\S-1-5-21-3680880587-3030169955-2048887066-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-3680880587-3030169955-2048887066-1001\..\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn AMs

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn AMs

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{18B1B8E9-B7A8-4EFD-8D59-E4C31B406F4D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECB39BBD-C8A2-4E35-8A97-81B87F7D11C7}: DhcpNameServer = 10.40.5.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{18B1B8E9-B7A8-4EFD-8D59-E4C31B406F4D}: DhcpDomain = ri.cox.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECB39BBD-C8A2-4E35-8A97-81B87F7D11C7}: DhcpDomain = server.kaplan
O17 - HKLM\System\CS1\Services\Tcpip\..\{18B1B8E9-B7A8-4EFD-8D59-E4C31B406F4D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ECB39BBD-C8A2-4E35-8A97-81B87F7D11C7}: DhcpNameServer = 10.40.5.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{18B1B8E9-B7A8-4EFD-8D59-E4C31B406F4D}: DhcpDomain = ri.cox.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{ECB39BBD-C8A2-4E35-8A97-81B87F7D11C7}: DhcpDomain = server.kaplan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn AMs

---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs

---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [BrowserSafeguard Update Task] (...) -- C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe (.not file.) [0] =>PUP.BrowserSafeguard
[MD5.00000000000000000000000000000000] [APT] [{BE8CD973-B4B3-447C-8799-E9F4C1F0CE34}] (...) -- C:\Program Files (x86)\Inbox Toolbar\unins000.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 04mn AMs

---\\ Software installed (O42)
O42 - Logiciel: Image Uploader version 1.2.9 - (.ZendeN.) [HKLM][64Bits] -- {24F211C6-2732-4564-B602-CDA2DE2A13FC}_is1
O42 - Logiciel: SavingsBull - (.SavingsBull.) [HKLM][64Bits] -- {6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
O42 - Logiciel: SavingsbullFilter - (.SavingsBull Filter.) [HKLM][64Bits] -- {813BA625-B0FA-48D8-9B75-59759C88C219}
~ Logic: 6 Legitimates Filtered in 00mn AMs

---\\ HKCU & HKLM Software Keys
[HKCU\Software\NDS]
[HKCU\Software\SP]
[HKLM\Software\Savings Bull]
[HKLM\Software\Wow6432Node\Zenden.ws]
~ Key Software: 214 Legitimates Filtered in 00mn AMs

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 2/22/2014 - 7:23:30 PM - [6.754] ----D C:\Program Files (x86)\Image Uploader
O43 - CFD: 1/21/2014 - 12:53:15 PM - [0.669] ----D C:\Program Files (x86)\sp
O43 - CFD: 12/6/2013 - 9:59:45 PM - [0.001] ----D C:\ProgramData\ClassicShell
O43 - CFD: 2/22/2014 - 7:23:30 PM - [0.186] ----D C:\ProgramData\Image Uploader
O43 - CFD: 2/11/2014 - 11:39:28 AM - [43.420] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 2/24/2014 - 9:32:04 AM - [0] ----D C:\Users\User\AppData\Roaming\1H1Q
O43 - CFD: 3/1/2014 - 9:41:56 AM - [1.368] ----D C:\Users\User\AppData\Roaming\ClassicShell
O43 - CFD: 2/22/2014 - 7:23:36 PM - [0.008] ----D C:\Users\User\AppData\Roaming\Image Uploader
O43 - CFD: 2/25/2014 - 1:04:27 PM - [0] ----D C:\Users\User\AppData\Local\cef_data
O43 - CFD: 2/25/2014 - 1:04:27 PM - [32.954] ----D C:\Users\User\AppData\Local\NDS
O43 - CFD: 2/27/2014 - 5:07:44 PM - [9.319] ----D C:\Users\User\AppData\Local\TVConnect
~ Program Folder: 161 Legitimates Filtered in 17mn AMs

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.4B916278E1487A5CD5F8F9A521980026] - 2/14/2014 - 10:33:05 AM ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385614]
O44 - LFC:[MD5.33948FF6D642994C5831809F3234F30A] - 2/25/2014 - 10:09:44 AM ---A- . (.Sendori - No Comment.) -- C:\Windows\System32\plsapp64.dll [439296]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2/25/2014 - 10:09:55 AM ---A- . (...) -- C:\Windows\System32\Service.log [0]
O44 - LFC:[MD5.62E39449970D26C8DE657F4F5795AA70] - 3/1/2014 - 9:03:44 AM ---A- . (...) -- C:\Windows\System32\SavingsBullFilterService.log [19819266]
~ Files: 50 Legitimates Filtered in 09mn AMs

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn AMs

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 8/12/2013 - 6:25:46 PM ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.5FBDC88F22270FE741152A2FBD39B160] - 12/17/2013 - 4:04:08 PM ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [46232]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 8/22/2013 - 7:43:32 AM ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.32BE0B7CCA47A5BE30E7E43DC54B54F3] - 11/29/2013 - 8:51:04 AM ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [542208]
~ Drivers: 17 Legitimates Filtered in 05mn AMs

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn AMs

---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "1708EDD6AB4EB164A86999D0AF0ABE1D" . (.SavingsBull.) -- c:\WINDOWS\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}\icon64.ico
O90 - PUC: "4EAF68AEEF521B84986E425DB1742C1B" . (.Cox TV Connect.) -- C:\WINDOWS\Installer\{EA86FAE4-25FE-48B1-89E6-24D51B47C2B1}\ARPPRODUCTICON.exe
O90 - PUC: "526AB318AF0B8D84B9579557C9882C91" . (.SavingsbullFilter.) -- c:\WINDOWS\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}\icon64.ico
~ Update Products: 75 Legitimates Filtered in 00mn AMs

---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.3AF7B8083FDD852A6DDA4FFE10FC6044] [WIS][2/27/2014] (.SavingsBull Filter - SavingsbullFilter.) -- C:\Windows\Installer\98349fa.msi [1380352]
~ WIS: 74 Legitimates Filtered in 02mn AMs

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2/20/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 1/29/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 2/22/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2/22/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 1/15/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 8/2/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Demand 2/15/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 2/28/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 7/10/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 8/22/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 12/21/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 8/2/2012 1544192 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Demand 7/10/2012 138752 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 7/30/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 11/4/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 6/7/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 8/10/2012 29600 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 7/9/2012 35232 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 7/14/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 4/20/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 7/17/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 7/17/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 7/17/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 7/30/2013 328928 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 1/28/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 7/30/2013 328928 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 7/30/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 7/30/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 7/30/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 12/11/2013 1025232 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 1/27/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 1/27/2014 185792 | (mfevtp) . (.McAfee, Inc..) - C:\WINDOWS\system32\mfevtps.exe
SR - | Auto 11/29/2013 323072 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 7/17/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 7/10/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 7/10/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

~ Services: Scanned in 04mn AMs

---\\ Scan Additionnel (O88)
Database Version : 13031 - (2/23/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}] =>Toolbar.InBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] =>Toolbar.InBox
~ Additionnel Scan: 272237 Items scanned in 29mn AMs

---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps... =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps... =>PUP.BrowserSafeguard
~ MSI: 2 link(s) detected in 29mn AMs

~ 932 Legitimates filtered by white list
End of the scan (435 lines in 37mn AMs)(0)



#81
March 1, 2014 at 06:47:31
Download Security Check by screen317 from one of the following links and save it to your Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#82
March 1, 2014 at 07:15:17
Results of screen317's Security Check version 0.99.79
x64 (UAC is enabled)
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Wise Disk Cleaner 8.04
Wise Registry Cleaner 7.94
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader XI
Mozilla Firefox (27.0.1)
Google Chrome 33.0.1750.117
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: %
[b][u]````````````````````End of Log``````````````````````[/b][/u]


#83
March 1, 2014 at 07:15:50
✔ Best Answer
Just 2 issues left Jim. We got rid of 8 others that ZHPDiag identified.

1. Close all applications

2. Select and copy all of the text below.

Script ZHPFix
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\mkdganzr.default-1393085853367\prefs.js (.not file.)

3. ZHPDiag created a shortcut on your desktop called ZHPFix; launch ZHPFix (for Windows 7, right-click to run as admin). Answer yes if you get an enquiry as to whether you want to run it or not.

4. Click on the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean.

6. Confirm by clicking OK.

7. ZHPFix will ask if you wish to empty the bin, click on your choice...it may take time.

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste into your reply.

message edited by Johnw



#84
March 1, 2014 at 07:28:55
Rapport de ZHPFix 2014.2.16.5 par Nicolas Coolman, Update du 16/02/2014
Fichier d'export Registre :
Run by User at 3/1/2014 10:27:27 AM
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Recycle Bin emptied (08mn AMs)

========== Elements of the registry data ==========
REMOVES: R1 Search Page =


========== Summary ==========
1 : Elements of the registry data


End of clean in 09mn AMs

========== Path to file report ==========
C:\Users\User\AppData\Roaming\ZHP\ZHPFix[R1].txt - 3/1/2014 10:27:36 AM [495]



#85
March 1, 2014 at 07:29:52
Rapport de ZHPFix 2014.2.16.5 par Nicolas Coolman, Update du 16/02/2014
Fichier d'export Registre : C:\Users\User\AppData\Roaming\ZHP\ZHPExportRegistry-3-1-2014-10-27-36 AM.txt
Run by User at 3/1/2014 10:27:27 AM
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Recycle Bin emptied (08mn AMs)

========== Elements of the registry data ==========
REMOVES: R1 Search Page =


========== Summary ==========
1 : Elements of the registry data


End of clean in 09mn AMs

========== Path to file report ==========
C:\Users\User\AppData\Roaming\ZHP\ZHPFix[R1].txt - 3/1/2014 10:27:36 AM [495]



#86
March 1, 2014 at 07:32:54
Going to bed Jim, falling asleep behind the mouse.

"Results of screen317's Security Check"
All good.

""another question, if I may ask, I'm running a wired/wireless, my laptop is wireless, but when I do a restart, network doesn't connect, but if I shut down and restart, then it connects, any ideas as to the problem??""
Do you still have this issue?

"Rapport de ZHPFix"
Perfect.

Catch you when I wake up.



#87
March 1, 2014 at 07:46:18
yes John, still have it. if I restart, network never connects, so I have to shutdown, then it works..


#88
March 1, 2014 at 14:08:51
Let's make sure the basics are right Jim & see if you still have the problem.

1: Reset your router & set a strong password.
“Infected” routers threaten death by DNS
http://triplescomputers.com/blog/ca...
How to Reset Your Wireless Router
http://www.online-tech-tips.com/com...
Change your router password if it is not strong or still uses the default one.
Hack lets intruders sneak into home routers
http://tinyurl.com/4pz64fc
Change the Default Password on a Network Router
http://compnetworking.about.com/od/...

2: How to flush DNS Cache for Windows
http://help.ea.com/en/article/how-t...
http://docs.cpanel.net/twiki/bin/vi...



#89
March 1, 2014 at 14:58:09
Problems somewhere, John. I should be set as admin, yet some operations won't let me run them. I had thought I was set as admin in this computer.


#90
March 1, 2014 at 15:11:43
Few more to remove Jim & then we shall address the Admin issue.

Script ZHPFix
G2 - GCE: Preference [User Data\Default] [ngaeinfoeljecnggcbonnohnjpepenmb] SavingsBull v.5.0, (Activé)
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\mkdganzr.default-1393085853367\prefs.js (.not file.)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} Orphan key
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
[MD5.00000000000000000000000000000000] [APT] [BrowserSafeguard Update Task] (...) -- C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe (.not file.) [0] =>PUP.BrowserSafeguard
[MD5.00000000000000000000000000000000] [APT] [{BE8CD973-B4B3-447C-8799-E9F4C1F0CE34}] (...) -- C:\Program Files (x86)\Inbox Toolbar\unins000.exe (.not file.) [0]
O42 - Logiciel: SavingsBull - (.SavingsBull.) [HKLM][64Bits] -- {6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
O42 - Logiciel: SavingsbullFilter - (.SavingsBull Filter.) [HKLM][64Bits] -- {813BA625-B0FA-48D8-9B75-59759C88C219}
[HKLM\Software\Savings Bull]

message edited by Johnw



#91
March 1, 2014 at 15:18:01
tried to run that with copy & paste, no go


#92
March 1, 2014 at 15:20:35
Run Tweaking.com - Windows Repair. Start at Step 2 & when you get to the final step, check/tick all the boxes.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...
Copy and Paste the contents of the following log in your reply:
C:\Program Files\Tweaking.com\Windows Repair (All in One)\Tweaking.com_Windows_Repair_Logs\_Windows_Repair_Log.txt

message edited by Johnw



#93
March 1, 2014 at 15:36:22
I take it, this will take a while. I see 33 steps...


#94
March 1, 2014 at 15:49:25
" I take it, this will take a while. I see 33 steps..."
You now have a pretty clean comp, probably only 1/2 an hour.
This is the tool to run after removing infections & there are problems ( which is very often )

Did you have a password on Admin?



#95
March 1, 2014 at 17:06:28
haven't had to use any password, normally everything runs as admin.

I see tweaking creates a bunch of logs..



#96
March 3, 2014 at 15:58:18
Seems all is good John, anything else I should do??

And regarding internet connection, been like this since I got this new laptop a few months ago. As I said, on a restart, no connection, but if I shut down then start, I am connected, so no idea what, or where the problem is, I'd imagine something simple, but then again, with computers, what is easy. I have full admin rights on the computer.



#97
March 3, 2014 at 16:08:58
Computers are not very friendly Jim. I agree.

Re my post #92, did you run it as per that info?

If so, post the log as per that info.



#98
March 3, 2014 at 17:50:46
not sure John, but doing it in case I didn't..

Thanks so much for all you've done!!



#99
March 3, 2014 at 17:53:00
[3/3/2014 - 8:51:30 PM] System Variables
[3/3/2014 - 8:51:30 PM] --------------------------------------------------------------------------------
[3/3/2014 - 8:51:30 PM] Use Fallback Backup Method: 1 (0 = No, 1 = Yes)
[3/3/2014 - 8:51:30 PM] VSS exe To Use: vss_7_8_2008_2012_64.exe
[3/3/2014 - 8:51:30 PM] Windows Drive: C:
[3/3/2014 - 8:51:30 PM] Windows Folder: Windows
[3/3/2014 - 8:51:30 PM] Windows Path: C:\Windows
[3/3/2014 - 8:51:30 PM] Registry File Location: C:\Windows\System32\Config
[3/3/2014 - 8:51:30 PM] Current Profile: C:\Users\User
[3/3/2014 - 8:51:30 PM] Current Profile SID: S-1-5-21-3680880587-3030169955-2048887066-1001
[3/3/2014 - 8:51:30 PM] Current Profile Classes: S-1-5-21-3680880587-3030169955-2048887066-1001_Classes
[3/3/2014 - 8:51:30 PM] Profiles Location: C:\Users
[3/3/2014 - 8:51:30 PM] Profiles Location 2: C:\Windows\ServiceProfiles
[3/3/2014 - 8:51:30 PM] Local Settings AppData: AppData\Local
[3/3/2014 - 8:51:30 PM] Computer Name: HP
[3/3/2014 - 8:51:30 PM] OS: Microsoft Windows 8.1 (64-bit)
[3/3/2014 - 8:51:30 PM] OS Architecture: 64-bit
[3/3/2014 - 8:51:30 PM] OS Version: 6.3.9600
[3/3/2014 - 8:51:30 PM] OS Service Pack:
[3/3/2014 - 8:51:30 PM] --------------------------------------------------------------------------------

[3/3/2014 - 8:51:30 PM] Backup Location: C:\RegBackup\

[3/3/2014 - 8:51:30 PM] Auto Delete Old Backups Enabled, Working...
[3/3/2014 - 8:51:30 PM] --------------------------------------------------------------------------------
[3/3/2014 - 8:51:30 PM] --------------------------------------------------------------------------------

[3/3/2014 - 8:51:30 PM] Starting Backup...

[3/3/2014 - 8:51:30 PM] Files To Backup:
[3/3/2014 - 8:51:30 PM] --------------------------------------------------------------------------------
[3/3/2014 - 8:51:30 PM] C:\Windows\System32\Config\components
[3/3/2014 - 8:51:30 PM] C:\Windows\System32\Config\default
[3/3/2014 - 8:51:30 PM] C:\Windows\System32\Config\sam
[3/3/2014 - 8:51:30 PM] C:\Windows\System32\Config\security
[3/3/2014 - 8:51:30 PM] C:\Windows\System32\Config\software
[3/3/2014 - 8:51:30 PM] C:\Windows\System32\Config\system
[3/3/2014 - 8:51:30 PM] C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat
[3/3/2014 - 8:51:30 PM] C:\Users\User\ntuser.dat
[3/3/2014 - 8:51:30 PM] C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
[3/3/2014 - 8:51:30 PM] C:\Windows\ServiceProfiles\LocalService\ntuser.dat
[3/3/2014 - 8:51:30 PM] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
[3/3/2014 - 8:51:30 PM] C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
[3/3/2014 - 8:51:30 PM] --------------------------------------------------------------------------------

[3/3/2014 - 8:51:30 PM] Backing Up Files...:
[3/3/2014 - 8:51:30 PM] --------------------------------------------------------------------------------
[3/3/2014 - 8:51:30 PM] Using Fallback Backup Method.

[3/3/2014 - 8:51:30 PM] Backing Up File: C:\Windows\System32\Config\components
[3/3/2014 - 8:51:31 PM] Result: Successful - C:\RegBackup\HP\3.3.2014_8.51.30-PM\C\Windows\System32\Config\components

[3/3/2014 - 8:51:31 PM] Backing Up File: C:\Windows\System32\Config\default
[3/3/2014 - 8:51:31 PM] Result: Successful - C:\RegBackup\HP\3.3.2014_8.51.30-PM\C\Windows\System32\Config\default

[3/3/2014 - 8:51:31 PM] Backing Up File: C:\Windows\System32\Config\sam
[3/3/2014 - 8:51:31 PM] Result: Successful - C:\RegBackup\HP\3.3.2014_8.51.30-PM\C\Windows\System32\Config\sam

[3/3/2014 - 8:51:31 PM] Backing Up File: C:\Windows\System32\Config\security
[3/3/2014 - 8:51:31 PM] Result: Successful - C:\RegBackup\HP\3.3.2014_8.51.30-PM\C\Windows\System32\Config\security

[3/3/2014 - 8:51:31 PM] Backing Up File: C:\Windows\System32\Config\software
[3/3/2014 - 8:51:32 PM] Result: Successful - C:\RegBackup\HP\3.3.2014_8.51.30-PM\C\Windows\System32\Config\software

[3/3/2014 - 8:51:32 PM] Backing Up File: C:\Windows\System32\Config\system
[3/3/2014 - 8:51:34 PM] Result: Successful - C:\RegBackup\HP\3.3.2014_8.51.30-PM\C\Windows\System32\Config\system

[3/3/2014 - 8:51:34 PM] Backing Up File: C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat
[3/3/2014 - 8:51:34 PM] Result: Successful - C:\RegBackup\HP\3.3.2014_8.51.30-PM\C\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat

[3/3/2014 - 8:51:34 PM] Backing Up File: C:\Users\User\ntuser.dat
[3/3/2014 - 8:51:34 PM] Result: Successful - C:\RegBackup\HP\3.3.2014_8.51.30-PM\C\Users\User\ntuser.dat

[3/3/2014 - 8:51:34 PM] Backing Up File: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
[3/3/2014 - 8:51:34 PM] Result: Failed - Error: 6: The handle is invalid.

[3/3/2014 - 8:51:34 PM] Backing Up File: C:\Windows\ServiceProfiles\LocalService\ntuser.dat
[3/3/2014 - 8:51:34 PM] Result: Successful - C:\RegBackup\HP\3.3.2014_8.51.30-PM\C\Windows\ServiceProfiles\LocalService\ntuser.dat

[3/3/2014 - 8:51:34 PM] Backing Up File: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
[3/3/2014 - 8:51:35 PM] Result: Failed - Error: 6: The handle is invalid.

[3/3/2014 - 8:51:35 PM] Backing Up File: C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
[3/3/2014 - 8:51:35 PM] Result: Successful - C:\RegBackup\HP\3.3.2014_8.51.30-PM\C\Windows\ServiceProfiles\NetworkService\ntuser.dat

[3/3/2014 - 8:51:35 PM] --------------------------------------------------------------------------------

[3/3/2014 - 8:51:35 PM] Creating DOS restore bat file for use in the Windows Recovery Console:
[3/3/2014 - 8:51:35 PM] --------------------------------------------------------------------------------
[3/3/2014 - 8:51:35 PM] Already Exists: C:\Windows\tweaking.com-regbackup-HP-Microsoft-Windows-8.1-(64-bit).dat for use in the dos_restore.cmd file
[3/3/2014 - 8:51:35 PM] Done: C:\RegBackup\HP\3.3.2014_8.51.30-PM\dos_restore.cmd
[3/3/2014 - 8:51:35 PM] --------------------------------------------------------------------------------



#100
March 4, 2014 at 09:59:07

System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack:
Computer Name: HP
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\User
Current Profile SID: S-1-5-21-3680880587-3030169955-2048887066-1001
Current Profile Classes: S-1-5-21-3680880587-3030169955-2048887066-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\User\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 02 Days 12:54:47

Process Count: 84
Commit Total: 2.64 GB
Commit Limit: 6.83 GB
Commit Peak: 4.12 GB
Handle Count: 29297
Kernel Total: 432.07 MB
Kernel Paged: 264.69 MB
Kernel Non Paged: 167.38 MB
System Cache: 1.87 GB
Thread Count: 987
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.89 GB
Memory Used: 2.45 GB(41.4824%)
Memory Avail.: 3.45 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.89 GB
Memory Used: 2.03 GB(34.38%)
Memory Avail.: 3.87 GB
--------------------------------------------------------------------------------

Starting Repairs...
Start (3/4/2014 8:45:52 AM)

01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (3/4/2014 8:45:52 AM)
Running Repair Under Current User Account
Done (3/4/2014 8:45:58 AM)

01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (3/4/2014 8:45:59 AM)
Running Repair Under System Account
Done (3/4/2014 8:47:11 AM)

01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (3/4/2014 8:47:11 AM)
Running Repair Under System Account
Done (3/4/2014 8:47:49 AM)

03 - Register System Files
Start (3/4/2014 8:47:50 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:48:20 AM)

04 - Repair WMI
Start (3/4/2014 8:48:20 AM)
Running Repair Under Current User Account
Done (3/4/2014 8:57:44 AM)

05 - Repair Windows Firewall
Start (3/4/2014 8:57:44 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:58:07 AM)

06 - Repair Internet Explorer
Start (3/4/2014 8:58:07 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:58:31 AM)

07 - Repair MDAC/MS Jet
Start (3/4/2014 8:58:31 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:58:42 AM)

08 - Repair Hosts File
Start (3/4/2014 8:58:42 AM)
Running Repair Under System Account
Done (3/4/2014 8:58:44 AM)

09 - Remove Policies Set By Infections
Start (3/4/2014 8:58:44 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:58:49 AM)

11 - Repair Icons
Start (3/4/2014 8:58:49 AM)
Running Repair Under Current User Account
Done (3/4/2014 8:58:51 AM)

12 - Repair Winsock & DNS Cache
Start (3/4/2014 8:58:51 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:59:04 AM)

14 - Repair Proxy Settings
Start (3/4/2014 8:59:04 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:59:09 AM)

16 - Repair Windows Updates
Start (3/4/2014 8:59:09 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:59:27 AM)

17 - Repair CD/DVD Missing/Not Working
Start (3/4/2014 8:59:27 AM)
iTunes not found, not applying UpperFilters iTunes Reg Key
Done (3/4/2014 8:59:27 AM)

18 - Repair Volume Shadow Copy Service
Start (3/4/2014 8:59:27 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:59:34 AM)

20 - Repair MSI (Windows Installer)
Start (3/4/2014 8:59:34 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:59:42 AM)

22.01 - Repair bat Association
Start (3/4/2014 8:59:42 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:59:47 AM)

22.02 - Repair cmd Association
Start (3/4/2014 8:59:47 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:59:52 AM)

22.03 - Repair com Association
Start (3/4/2014 8:59:52 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 8:59:56 AM)

22.04 - Repair Directory Association
Start (3/4/2014 8:59:56 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:00:01 AM)

22.05 - Repair Drive Association
Start (3/4/2014 9:00:01 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:00:06 AM)

22.06 - Repair exe Association
Start (3/4/2014 9:00:06 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:00:10 AM)

22.07 - Repair Folder Association
Start (3/4/2014 9:00:10 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:00:15 AM)

22.08 - Repair inf Association
Start (3/4/2014 9:00:15 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:00:20 AM)

22.09 - Repair lnk (Shortcuts) Association
Start (3/4/2014 9:00:20 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:00:24 AM)

22.10 - Repair msc Association
Start (3/4/2014 9:00:24 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:00:29 AM)

22.11 - Repair reg Association
Start (3/4/2014 9:00:29 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:00:34 AM)

22.12 - Repair scr Association
Start (3/4/2014 9:00:34 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:00:38 AM)

23 - Repair Windows Safe Mode
Start (3/4/2014 9:00:38 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:00:43 AM)

24 - Repair Print Spooler
Start (3/4/2014 9:00:43 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:00:56 AM)

25 - Restore Important Windows Services
Start (3/4/2014 9:00:56 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:01:16 AM)

26 - Set Windows Services To Default Startup
Start (3/4/2014 9:01:16 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/4/2014 9:01:22 AM)

27 - Repair Windows 8 App Store
Start (3/4/2014 9:01:22 AM)
Running Repair Under System Account
Running Repair Under Current User Account
Done (3/4/2014 9:01:51 AM)

28 - Repair Windows 8 Component Store
Start (3/4/2014 9:01:51 AM)
Running Repair Under Current User Account
Done (3/4/2014 9:12:09 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (3/4/2014 9:12:09 AM)
Total Repair Time: 00:26:18


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account



#101
March 4, 2014 at 10:00:20
John,

Wireless still doesn't connect on a restart, but does on shutdown..

Has me going buggy.. Tried all I can think of, but have no clue.. not a real big deal, but would like to figure out the problem.

Thanks!!

Jim



#102
March 4, 2014 at 12:17:57
"but would like to figure out the problem"
Let's find out if it is Software or Hardware Jim.

Try/borrow/use someone's router & see if it is the same.



#103
March 4, 2014 at 12:22:08
It's not the router, as it worked before I got a new laptop, so I'd say it's software..


#104
March 4, 2014 at 12:33:04
Open command prompt as administrator, Copy & Paste > ipconfig /flushdns then hit > Enter.


#105
March 4, 2014 at 14:19:58
done that a few times, and did renew, and all other Ipconfig things..


#106
March 4, 2014 at 15:05:54
Have you done a complete reset in the router?

Malware Silently Alters Wireless Router Settings
http://voices.washingtonpost.com/se...

Change your router password if it is not strong or still uses the default one.
Hack lets intruders sneak into home routers
http://tinyurl.com/4pz64fc
Change the Default Password on a Network Router
http://compnetworking.about.com/od/...

message edited by Johnw



#107
March 5, 2014 at 04:51:12
I haven't, but I will.


#108
March 6, 2014 at 07:53:36
reset the router, but now when I try to go to linksys website, bad gateway error 502, so don't know what's wrong now. had to download the software to reinstall the router, all is ok except trying to get in their site, so now I have no idea...


#109
March 6, 2014 at 13:26:33
bad gateway error 502
http://is.gd/5BNGuz


#110
March 6, 2014 at 13:46:27
Have tried that John, didn't help at all..


#111
March 6, 2014 at 13:49:45
yeah!! at least sears.com is no longer blocked.

Wonder if I need to reboot Modem & router..



#112
March 6, 2014 at 14:01:19
"Wonder if I need to reboot Modem & router.."
Ball is now in your court Jim, you need to google everything.

Put the EXACT error message into it, just a matter of getting your fine tuning sorted out by the sounds.



#113
March 6, 2014 at 15:47:52
"EXACT MESSAGE" into it??

Don't follow John. the address, default doesn't work, bad gateway.. 502 error.



#114
March 6, 2014 at 15:53:02
""EXACT MESSAGE" into it??"
"Don't follow John"
Google.

There will be an answer that sorts it out in there somewhere.



#115
March 6, 2014 at 16:00:28
Here are 2 sites that explain some of the possibles.

http://wiki-errors.com/502-bad-gate...
http://www.getnetgoing.com/HTTP-502...



#116
March 6, 2014 at 16:57:28
I've looked at those John, and no clear answer. maybe just reset modem & router and then see..

Thanks!!



#117
March 7, 2014 at 05:08:37
either it was the reset, or a problem with linksys, but all is well now YEAH!!!


#118
March 7, 2014 at 05:43:35
"either it was the reset, or a problem with linksys, but all is well now YEAH!!!"

YEAH!!! YEAH!!! YEAH!!!

