Solved win32:evo-gen(susp) pop up on friend's PC

Lenovo G460 laptop computer - 06779xu...
March 8, 2014 at 13:29:48
Specs: Win 7 Home Premium SP1 64 bit, 2.16/3G
A friend has win32:evo-gen(susp) pop up on his pc. Avast is his antivirus. He has been unable to log in to some of his business accounts. So, I don't know if this is a false positive or not. Suggestions appreciated. Thanks,

vandal67




#1
March 8, 2014 at 13:51:09
✔ Best Answer


#2
March 10, 2014 at 19:20:27
Thanks for the hints Johnw. I went through all of them. Got rid of a lot of garbage, but not the problem that I'm assuming the Evo-gen is causing. The affected pc won't let my friend log onto the bank account that he uses for his business. When he tries to log on, the website says that it does not recognize the computer that he is using. The bank gave him some suggestions, but to no avail. He can log onto the account using his old pc, so the problem seems to be with the newer pc. As far as we know the inability to log onto the bank account is the only problem that evo has caused.

Friend said Avast found and quarantined evo. If that is the case, will removing Avast remove evo? Thanks again,

vandal67



#3
March 10, 2014 at 19:39:20
"Friend said Avast found and quarantined evo. If that is the case, will removing Avast remove evo?"
Keep Avast, all you have to do is go into Quarantine & delete the files.

Let's have a deeper look into what is going on.

1. Download ZHPDiag from one of these links.
http://en.kioskea.net/download/diag...
http://en.kioskea.net/download/down...
http://telechargement.zebulon.fr/te...
Screenshots ( SS ) How to install.
http://i.imgur.com/bzQcspa.gif
http://i.imgur.com/Hs29C2s.gif
http://i.imgur.com/BTjebOK.gif
http://i.imgur.com/87sQnNO.gif
http://i.imgur.com/z0YGy5b.gif
http://i.imgur.com/lU7mHna.gif
http://i.imgur.com/o0dE8Lz.gif

(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, right-click to ensure you run it with admin rights)

The tool creates two icons ZHPDiag and ZHPFix.

4. Double click on the shortcut ZHPDiag on your Desktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English.

6. Click on the "Configure" button.

7. Click on the Magnifying glass "Default diagnosis with legitimate".

8. Click on "Search" and answer yes if a message appears.

Wait for the tool to finish (it may take a long time). A ZHPDiag log will be on the Desktop.

9. Close ZHPDiag.

10. The log is large, upload it to a site of your choosing or use Image Uploader.
I upload to Imgur.com for images & load.to for files ( neither need an account ) Give us the link please.
Free file sharing sites come & go, if Imgur.com & load.to are too busy ( or not working ) here are others to try.
free file upload no account needed
http://is.gd/ije9W6
http://www.zippyshare.com/
http://www.filedropper.com/index.php
http://www.wikisend.com/
https://www.sendspace.com/
http://www.megafileupload.com/

Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru

How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif

message edited by Johnw



#4
March 12, 2014 at 13:00:52
Will do, and get back to you.

vandal67



#5
March 15, 2014 at 14:02:10
Sorry, I couldn't get it uploaded, so I copied and pasted the results below. Hope you can read it or upload it to a site yourself. Thanks,

Report of ZHPDiag v2014.3.12.13 - Nicolas Coolman (3/12/2014)
~ Launched by Frank (3/15/2014 3:55:54 PM)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps...
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16521 (Defaut)
MFIE: Mozilla Firefox 27.0.1

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 ActiveX
Adobe Reader X

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4060.8 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 368 GB (81%) free of 452 GB

---\\ Connection to the system mode
~ Computer Name: MININT-4IV7NF0
~ User Name: Frank
~ All Users Names: HomeGroupUser$, Guest, Frank, Eric, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Frank\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Frank\AppData\Roaming\
~ %Desktop% : C:\Users\Frank\Desktop\
~ %Favorites% : C:\Users\Frank\Favorites\
~ %LocalAppData% : C:\Users\Frank\AppData\Local\
~ %StartMenu% : C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 368 Go of 452 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn AMs

---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 12:19:30 AM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/13/2009 - 7:39:52 PM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2/28/2014 - 9:10:28 PM.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.11/20/2010 - 9:24:29 PM.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.11/20/2010 - 9:24:16 PM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/27/2013 - 7:09:10 PM.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/13/2009 - 7:52:21 PM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/13/2009 - 5:19:47 PM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:23:47 PM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:24:32 PM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 9:23:47 PM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.7/13/2009 - 5:19:57 PM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/13/2009 - 6:10:03 PM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/26/2011 - 8:40:40 PM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:23:51 PM.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.4/12/2013 - 8:45:08 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.7/13/2009 - 6:00:41 PM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/20/2010 - 9:24:33 PM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.7/13/2009 - 6:09:09 PM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:24:32 PM.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.11/20/2010 - 9:23:47 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn AMs

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/33
~ Mes musiques (My Musics) : 1/107
~ Mes Favoris (My Favorites) : 1/49
~ Mes Documents (My Documents) : 1/261
~ Mon Bureau (My Desktop) : 1/26
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn AMs

---\\ Process running
[MD5.254E0CCB24D8E48479A8A387C77CA356] - (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072] [PID.3964]
[MD5.BA90DF05FA2E9A2C15F3A74825315BD0] - (.SoftThinks - Dell - Dell DataSafe Local Backup.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.exe [4293952] [PID.4012]
[MD5.80B62FF105908EC9E4B072AFB1CFC824] - (.Creative Technology Ltd - WebcamDell2.exe.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744] [PID.4048]
[MD5.8872B78D80682F2BE0A04EB0B3EAF554] - (.SoftThinks - Dell - DataSafe Update Launcher.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [465216] [PID.4060]
[MD5.5F30686DC1E9950F0C62AD7BAB4A2F3C] - (.No owner - Netgear.) -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe [8364288] [PID.3076]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.3360]
[MD5.F205CD085B25CFC491908EFE4E8AB8F5] - (.No owner - ST Service Scheduling.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.exe [2751808] [PID.3148]
[MD5.3A3BEA53F039CE2E997A918E26E30B1D] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [808152] [PID.4248]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.2128]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1204]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1536]
[MD5.2973B4EB7BE10A0D491B2037DCAAE88F] - (.Garmin Ltd or its subsidiaries - Garmin Core Update Service.) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688] [PID.1716]
[MD5.4215C271D6E6898C3F4DABAB4F387DC9] - (.SoftThinks SAS - SoftThinks Agent Service.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe [1695040] [PID.1168]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.1572]
[MD5.E7C84A8A763C460FE182F4DCBC17B9DC] - (.No owner - Wifi Service.) -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360] [PID.2268]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2360]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3008]
~ Processes Running: Scanned in 01mn AMs

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
R3 - URLSearchHook: FLV Runner Toolbar [64Bits] - {3bbd3c14-4c16-4989-8366-95bc9179779d} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) -- C:\Program Files (x86)\FLV_Runner\prxtbFLV_.dll =>Toolbar.Conduit
~ IE Browser: 21 Legitimates Filtered in 00mn AMs

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects (O2)
O2 - BHO: FLV Runner [64Bits] - {3bbd3c14-4c16-4989-8366-95bc9179779d} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\FLV_Runner\prxtbFLV_.dll =>Toolbar.Conduit
~ BHO: 12 Legitimates Filtered in 00mn AMs

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{3BBD3C14-4C16-4989-8366-95BC9179779D} Orphan key
~ Toolbar: Scanned in 00mn AMs

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Axcess.lnk . (.Smith Micro Software, Inc. - QuickLink Mobile.) -- C:\Program Files (x86)\Alltel\QuickLink Mobile\QuickLink Mobile.exe
O4 - GS\Desktop [Public]: Garmin Express.lnk . (.Garmin - Express.) -- C:\Program Files (x86)\Garmin\Express\Express.exe =>.Garmin Corporation
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: NETGEAR WNA3100 Genie.lnk . (...) -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
O4 - GS\Program [Public]: Axcess.lnk . (.Smith Micro Software, Inc. - QuickLink Mobile.) -- C:\Program Files (x86)\Alltel\QuickLink Mobile\QuickLink Mobile.exe
O4 - GS\Program [Public]: I.R.I.S. OCR Registration.lnk . (.I.R.I.S. Image Recognition Integarted Syste - Registration Wizard.) -- C:\Program Files (x86)\HP\Digital Imaging\DocProc\regipe.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Frank]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Frank]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Frank]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Frank]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Frank]: Acct income.xlr - Shortcut.lnk . (...) -- C:\Users\Frank\Documents\Acct income.xlr
O4 - GS\Desktop [Frank]: Documents - Shortcut.lnk . (...) -- C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [Frank]: Emsisoft Emergency Kit.lnk . (.Emsisoft GmbH - USB Stick Starter.) -- C:\EEK\start.exe
O4 - GS\Desktop [Frank]: FreeCell - Shortcut.lnk - Orphan key
O4 - GS\Desktop [Frank]: Hearts - Shortcut.lnk - Orphan key
O4 - GS\Desktop [Frank]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Frank]: internet nos 1.xlr - Shortcut.lnk . (...) -- C:\Users\Frank\Documents\internet nos 1.xlr
O4 - GS\Desktop [Frank]: Kylan beach sit smile - Shortcut.lnk . (...) -- C:\Users\Frank\Documents\Kylan beach sit smile.pdf
O4 - GS\Desktop [Frank]: Monthly paymts - Shortcut.lnk . (...) -- C:\Users\Frank\Documents\Monthly paymts.xlr
O4 - GS\Desktop [Frank]: Office Expenses 14 - Shortcut.lnk . (...) -- C:\Users\Frank\Documents\Office Expenses 14.xlr
O4 - GS\Desktop [Frank]: Right your congressman - Shortcut.lnk . (...) -- C:\Users\Frank\Documents\My Scans\Right your congressman.pdf
O4 - GS\Desktop [Frank]: Solitaire - Shortcut.lnk - Orphan key
O4 - GS\Desktop [Frank]: Spider Solitaire - Shortcut.lnk - Orphan key
O4 - GS\QuickLaunch [Eric]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Eric]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Eric]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Eric]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 86 Legitimates Filtered in 01mn AMs

---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: NETGEAR WNA3100 Genie.lnk . (...) -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - WebcamDell2.exe.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
O4 - HKLM\..\Wow6432Node\Run: [RoxWatchTray] . (.Sonic Solutions - RoxMMTrayApp Module.) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe =>.Sonic Solutions
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1622512647-1510218573-1771622225-1003\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
~ Application: Scanned in 00mn AMs

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{279B3C87-EF53-4777-924C-9151BBEEA304}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{279B3C87-EF53-4777-924C-9151BBEEA304}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{279B3C87-EF53-4777-924C-9151BBEEA304}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn AMs

---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs

---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [{7669A1BA-DE72-4D59-BED4-D3649FFDD9EA}] (...) -- C:\Users\Frank\AppData\Local\Temp\Temp2_7659.zip\setup.exe (.not file.) [0]
[MD5.973567B98CDFC147DF4E60471D9DF072] [APT] [{CAD5B040-CC5C-470E-8C57-9899BA46695F}] (...) -- C:\Program Files (x86)\Alltel\QUICKL~1\UNWISE.exe [153088]
~ Scheduled Task: 17 Legitimates Filtered in 01mn AMs

---\\ Software installed (O42)
O42 - Logiciel: FLV Runner Toolbar - (.FLV Runner.) [HKLM][64Bits] -- FLV_Runner Toolbar
O42 - Logiciel: Yahoo! Toolbar - (...) [HKLM][64Bits] -- Yahoo! Companion
~ Logic: 30 Legitimates Filtered in 00mn AMs

---\\ HKCU & HKLM Software Keys
[HKCU\Software\31255InstEnd]
[HKCU\Software\NoAdware] =>Rogue.NoAdware
[HKLM\Software\DomaIQ] =>Adware.DomaIQ
[HKLM\Software\Wow6432Node\FLV_Runner]
~ Key Software: 225 Legitimates Filtered in 00mn AMs

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 9/19/2012 - 3:47:28 PM - [8.632] ----D C:\Program Files (x86)\Alltel
O43 - CFD: 6/27/2012 - 12:49:20 PM - [4.795] ----D C:\Program Files (x86)\FLV_Runner
O43 - CFD: 3/9/2014 - 5:17:06 PM - [0] ----D C:\Users\Frank\AppData\Roaming\ShopAtHome =>Adware.SAHAgent
~ 7 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 140 Legitimates Filtered in 07mn AMs

---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn AMs

---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{321382ab-6a53-11e3-be14-00262d19b746}\AutoRun\command. (...) -- E:\VZW_Software_upgrade_assistant.exe (.not file.)
~ Keys: Scanned in 00mn AMs

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn AMs

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 1/13/2014 - 12:50:22 PM ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 1/13/2014 - 12:50:22 PM ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 7/13/2009 - 7:47:48 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.84D3088475BD9BC56ED76D6E0F740A63] - 8/9/2007 - 3:10:54 AM ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [29696]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 6/10/2009 - 2:31:59 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.2A50BE713FAF033420466C25979C028E] - 7/22/2011 - 10:33:48 AM ---A- . (.Windows (R) Win 7 DDK provider - SerComm NDIS User mode I/O Driver.) -- C:\Windows\System32\Drivers\SCMNdisP.sys [25056]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 7/13/2009 - 7:45:55 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 04mn AMs

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {00F1C180-1144-4DFA-BACE-7926F90F40B1} [DefaultScope] - ((www.google.com) Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {3865FF89-977B-4AB9-A9AD-4C18D4AD773F} - (FLV Runner Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {9B5B0B04-E919-4D11-83D9-F8D37606F56A} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn AMs

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.07E5B5EEECCF0A1EDACDC2B0A08F8FFB] [SPRF][3/15/2014] (...) -- C:\Users\Frank\AppData\Roaming\wklnhst.dat [15902]
~ Files: 1 Legitimates Filtered in 00mn AMs

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{4381C437-6375-497D-A0B3-773A6B07860E}C:\program files (x86)\huawei technologies\huawei umts data card\huawei 3g data card.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\huawei technologies\huawei umts data card\huawei 3g data card.exe (.not file.)
O87 - FAEL: "UDP Query User{36D82601-752B-46F5-A097-E67CA7695E32}C:\program files (x86)\huawei technologies\huawei umts data card\huawei 3g data card.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\huawei technologies\huawei umts data card\huawei 3g data card.exe (.not file.)
~ Firewall: 201 Legitimates Filtered in 00mn AMs

---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.7FBAF2951C467C5D31FA5DE671ABC7A4] [WIS][11/29/2010] (.¹«Ë¾Ãû³Æ - Roxio Easy Media Creator 8.) -- C:\Windows\Installer\7bb0.msi [22935552]
[MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][5/22/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\813bdc.msi [459264]
~ WIS: 114 Legitimates Filtered in 11mn AMs

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 3/14/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 6/26/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 6/26/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 1/13/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 2/12/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 11/25/2010 1116656 | (RoxMediaDB12OEM) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
SS - | Auto 11/25/2010 219632 | (RoxWatch12) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
SS - | Demand 11/8/2010 74392 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

SR - | Auto 12/18/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 3/9/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 3/27/2013 185688 | (Garmin Core Update Service) . (.Garmin Ltd or its subsidiaries.) - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
SR - | Demand 7/13/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 7/13/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 7/13/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 7/13/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 7/13/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 2/16/2012 1695040 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
SR - | Auto 7/13/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 7/10/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 12/7/2011 303360 | (WSWNA3100) . (...) - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
SR - | Auto 7/13/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 12mn AMs

---\\ Scan Additionnel (O88)
Database Version : 13031 - (3/12/2014)
Clés trouvées (Keys found) : 14
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 4

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BBD3C14-4C16-4989-8366-95BC9179779D}] =>Toolbar.Conduit^
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CEA379-7178-4758-9C80-969876E32395}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07CEA379-7178-4758-9C80-969876E32395}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BBD3C14-4C16-4989-8366-95BC9179779D}] =>Toolbar.FLVRunner
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3BBD3C14-4C16-4989-8366-95BC9179779D}] =>Toolbar.FLVRunner
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BBD3C14-4C16-4989-8366-95BC9179779D}] =>Toolbar.FLVRunner
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLV_Runner Toolbar] =>Toolbar.FLVRunner
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Classes\Toolbar.CT3201318] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT3201318] =>Toolbar.Conduit
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{3bbd3c14-4c16-4989-8366-95bc9179779d} =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
C:\Users\Frank\AppData\Roaming\ShopAtHome =>Adware.SAHAgent^
C:\Program Files (x86)\FLV_Runner =>Toolbar.FLVRunner
C:\Users\Frank\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Frank\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Frank\AppData\LocalLow\FLV_Runner =>Toolbar.FLVRunner
[HKCU\Software\NoAdware] =>Rogue.NoAdware^
[HKLM\Software\DomaIQ] =>Adware.DomaIQ^
C:\Users\Frank\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Frank\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
~ Additionnel Scan: 391200 Items scanned in 50mn AMs

---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps... =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps... =>PUP.Mobogenie
~ http://nicolascoolman.webs.com/apps... =>Rogue.NoAdware
~ http://nicolascoolman.webs.com/apps... =>Adware.DomaIQ
~ http://nicolascoolman.webs.com/apps... =>Adware.SAHAgent
~ http://nicolascoolman.webs.com/apps... =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps... =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps... =>PUP.Babylon
~ MSI: 8 link(s) detected in 50mn AMs

~ 1054 Legitimates filtered by white list
End of the scan (450 lines in 57mn AMs)(0)

vandal67



#6
March 15, 2014 at 17:01:39
Ok, that shows me where to start.

Here are the first 2 steps, will take about 5 steps to get the comp clean.

Run in this order, even if you have run them before.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#7
March 16, 2014 at 16:58:17
Ok, thanks. I will be back at my friend's place in a few days.

vandal67

