
Thread: Can't fix the Somoto.BetterInstaller with Spybot!

  1. #11
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Okay so I tried to do the TFC and that happened (picture), something about a problem with Windows!!! I don't know if it's because my cat was lying almost on my laptop or if it's something else but I feel like I should tell you :S image.jpg And now the same "pale files" are back on my desktop... :(

  2. #12
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Quote Originally Posted by Jess37 View Post
    Okay so I tried to do the TFC and that happened (picture), something about a problem with Windows!!! I don't know if it's because my cat was lying almost on my laptop or if it's something else but I feel like I should tell you :S image.jpg And now the same "pale files" are back on my desktop... :(
    And I did the FRST thing before, here's the log :

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
    Ran by Jessica at 2015-02-10 12:59:18 Run:4
    Running from C:\Users\Jessica\Desktop
    Loaded Profiles: Jessica (Available profiles: Jessica)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\WhiteSmoke_New
    C:\Users\Jessica\Downloads\PDFCreatorInstaller (1)
    C:\Users\Jessica\Downloads\PDFCreatorInstaller.exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New
    C:\Users\Jessica\Downloads\iMeshSetup-r1157-n-bc.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    End
    *****************

    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic => Error: No automatic fix found for this entry.
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\WhiteSmoke_New => Error: No automatic fix found for this entry.
    "C:\Users\Jessica\Downloads\PDFCreatorInstaller (1)" => File/Directory not found.
    "C:\Users\Jessica\Downloads\PDFCreatorInstaller.exe" => File/Directory not found.
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New => Moved successfully.
    "C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New" => File/Directory not found.
    C:\Users\Jessica\Downloads\iMeshSetup-r1157-n-bc.exe => Moved successfully.
    C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi => Moved successfully.
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim => Moved successfully.
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc => Moved successfully.

    ==== End of Fixlog 12:59:31 ====

  3. #13
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Jess37,

    Do you continue to receive the Stop Error message?
    Have you installed any new hardware or did you have a usb flash drive plugged in at the time?

    As for the "pale images", go back to the previous step and re-hide the files and folders.

    Other than these issues, how is the computer running?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  4. #14
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    I didn't install hardware, just the things you asked me. There's only my cordless Logitech mouse plugged in and I freaked out so I didn't try again... Now I did it again and it's working! Fiouuuuuuu!!!

  5. #15
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Great, do you have any outstanding issues?
    OCD

  6. #16
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Quote Originally Posted by OCD View Post
    Great, do you have any outstanding issues?
    Don't think so

    Here's the FRST log :

    CHR Plugin: (Norton Confidential) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Windows Live\™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Users\Jessica\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (HP Product Detection Plugin) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2015-02-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
    CHR Extension: (Adblock Plus) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-20]
    CHR Extension: (Grass) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla [2015-02-06]
    CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
    CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    StartMenuInternet: Google Chrome.S637RQSX4AEF2GNVA2WS2VIQTE - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-10] (SurfRight B.V.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( ) [File not signed]
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-08] (Electronic Arts)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 1999-12-31] (IDT, Inc.) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-09-02] (Broadcom Corporation) [File not signed]
    S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
    R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
    R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-10] ()
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
    S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
    S1 aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-10 14:01 - 2015-02-10 14:01 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2015-02-10 13:05 - 2015-02-10 13:05 - 00262144 _____ () C:\Windows\Minidump\021015-20732-01.dmp
    2015-02-10 13:00 - 2015-02-10 13:00 - 00448512 _____ (OldTimer Tools) C:\Users\Jessica\Desktop\TFC.exe
    2015-02-09 22:12 - 2015-02-09 22:12 - 00022379 _____ () C:\Users\Jessica\Desktop\ESET.txt
    2015-02-09 09:44 - 2015-02-09 09:44 - 00000000 ____D () C:\Program Files (x86)\ESET
    2015-02-09 08:52 - 2015-02-09 08:52 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-09 08:50 - 2015-02-09 08:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jessica\Desktop\mbam-setup-2.0.4.1028.exe
    2015-02-08 22:21 - 2015-02-08 22:21 - 00001010 _____ () C:\Users\Jessica\Desktop\JRT.txt
    2015-02-08 22:11 - 2015-02-08 22:12 - 01388274 _____ (Thisisu) C:\Users\Jessica\Desktop\JRT.exe
    2015-02-08 21:49 - 2015-02-08 21:54 - 00005960 _____ () C:\Users\Jessica\Desktop\SystemLook.txt
    2015-02-08 21:47 - 2015-02-08 21:47 - 00165376 _____ () C:\Users\Jessica\Desktop\SystemLook_x64.exe
    2015-02-08 21:34 - 2015-02-08 21:34 - 00000000 __SHD () C:\Users\Jessica\AppData\Local\EmieBrowserModeList
    2015-02-08 19:38 - 2015-02-08 19:38 - 02112512 _____ () C:\Users\Jessica\Desktop\AdwCleaner.exe
    2015-02-08 19:16 - 2015-02-08 19:16 - 00852594 _____ () C:\Users\Jessica\Desktop\SecurityCheck.exe
    2015-02-08 19:02 - 2015-02-08 19:02 - 00000000 ____D () C:\Users\Jessica\Desktop\CPAC2
    2015-02-08 14:15 - 2015-02-08 14:15 - 00002357 _____ () C:\Users\Jessica\Desktop\aswMBR.txt
    2015-02-08 14:15 - 2015-02-08 14:15 - 00000512 _____ () C:\Users\Jessica\Desktop\MBR.dat
    2015-02-08 13:34 - 2015-02-08 13:34 - 05198336 _____ (AVAST Software) C:\Users\Jessica\Desktop\aswMBR.exe
    2015-02-08 13:33 - 2015-02-08 13:33 - 00048611 _____ () C:\Users\Jessica\Desktop\Addition.txt
    2015-02-08 13:31 - 2015-02-10 14:04 - 00030059 _____ () C:\Users\Jessica\Desktop\FRST.txt
    2015-02-08 13:29 - 2015-02-10 14:04 - 00000000 ____D () C:\FRST
    2015-02-08 13:29 - 2015-02-08 13:29 - 02132992 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
    2015-02-08 13:26 - 2015-02-08 13:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JESSICA-HP-Windows-7-Home-Premium-(64-bit).dat
    2015-02-08 13:24 - 2015-02-08 13:24 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\RegBackup
    2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-02-08 13:23 - 2015-02-08 13:23 - 04803888 _____ () C:\Users\Jessica\Desktop\tweaking.com_registry_backup_setup.exe
    2015-02-02 16:57 - 2015-02-02 16:57 - 00001258 _____ () C:\Users\Jessica\Desktop\Spybot - Search & Destroy.lnk
    2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    2015-02-02 16:56 - 2015-02-02 17:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-02 16:56 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2015-01-21 15:20 - 2015-02-06 08:53 - 00000000 ____D () C:\Users\Jessica\Desktop\INFO1003
    2015-01-18 10:47 - 2015-02-08 13:21 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJessica.job
    2015-01-18 10:47 - 2015-02-08 13:20 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJessica
    2015-01-15 21:09 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 12:42 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 12:42 - 2014-12-12 01:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 12:42 - 2014-12-12 01:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 12:42 - 2014-12-12 01:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 12:42 - 2014-12-12 01:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 12:42 - 2014-12-12 01:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 12:42 - 2014-12-12 01:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 12:42 - 2014-12-12 01:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 12:42 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 12:42 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 12:42 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 12:42 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-11 21:31 - 2015-01-11 22:02 - 00000000 ____D () C:\Foldit
    2015-01-11 21:31 - 2015-01-11 21:31 - 00001408 _____ () C:\Users\Public\Desktop\Foldit.lnk
    2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-10 14:02 - 2014-09-02 15:15 - 00006458 _____ () C:\Windows\SysWOW64\Gms.log
    2015-02-10 14:02 - 2012-10-03 15:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-10 14:02 - 2012-08-31 18:21 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
    2015-02-10 13:59 - 2012-09-17 15:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-10 13:59 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-10 13:59 - 2009-07-14 00:51 - 00101641 _____ () C:\Windows\setupact.log
    2015-02-10 13:58 - 2012-01-14 11:31 - 01260562 _____ () C:\Windows\WindowsUpdate.log
    2015-02-10 13:52 - 2012-09-17 15:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-10 13:15 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-10 13:15 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-10 13:05 - 2014-12-08 19:59 - 708021736 _____ () C:\Windows\MEMORY.DMP
    2015-02-10 13:05 - 2014-12-08 19:59 - 00000000 ____D () C:\Windows\Minidump
    2015-02-10 12:51 - 2013-09-29 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-02-10 12:48 - 2010-11-20 23:47 - 00873936 _____ () C:\Windows\PFRO.log
    2015-02-09 21:44 - 2012-09-30 20:39 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
    2015-02-09 21:44 - 2012-09-30 20:39 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
    2015-02-09 17:43 - 2012-08-31 18:21 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
    2015-02-09 17:30 - 2012-08-31 21:07 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F39F52ED-33BB-48EE-8D13-48634EE5AB17}
    2015-02-09 09:37 - 2014-10-02 20:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-09 09:33 - 2014-01-29 21:02 - 00000000 __SHD () C:\Windows\ftpcache
    2015-02-09 08:52 - 2014-10-02 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-09 08:52 - 2014-10-02 20:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-08 22:06 - 2013-11-29 11:04 - 00000000 ____D () C:\AdwCleaner
    2015-02-08 19:56 - 2013-09-29 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-02-08 19:47 - 2012-09-17 15:18 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-08 19:47 - 2012-09-17 15:17 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-08 19:31 - 2012-08-31 21:02 - 00000000 ____D () C:\Users\Jessica
    2015-02-08 19:05 - 2012-11-27 22:31 - 00000000 ___RD () C:\Users\Jessica\Desktop\autres docs
    2015-02-08 19:03 - 2012-09-09 09:55 - 00000000 ____D () C:\Users\Jessica\Desktop\UdeM
    2015-02-08 16:26 - 2014-06-03 20:05 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\uTorrent
    2015-02-08 14:38 - 2012-09-01 18:02 - 00000000 ____D () C:\Program Files (x86)\Origin
    2015-02-08 13:53 - 2013-01-21 12:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-02-08 13:53 - 2012-09-01 18:55 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-02-06 20:52 - 2012-08-31 18:47 - 00000000 ____D () C:\Windows\Corel
    2015-02-06 19:02 - 2012-10-03 15:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-06 19:02 - 2012-10-03 15:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-06 19:02 - 2011-10-31 19:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-06 18:01 - 2015-01-05 21:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-06 18:01 - 2014-05-20 18:47 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2015-02-06 08:53 - 2009-07-14 01:13 - 00784366 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-06 08:49 - 2012-08-31 18:22 - 00002376 _____ () C:\Users\Jessica\Desktop\Google Chrome.lnk
    2015-02-06 08:45 - 2012-08-31 10:28 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Skype
    2015-02-05 10:57 - 2012-08-31 18:21 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA
    2015-02-05 10:57 - 2012-08-31 18:21 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core
    2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-28 16:03 - 2012-08-31 18:20 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Deployment
    2015-01-28 15:53 - 2012-09-03 10:02 - 00075264 ___SH () C:\Users\Jessica\Documents\Thumbs.db
    2015-01-28 09:05 - 2012-09-02 19:04 - 00000000 ____D () C:\Users\Jessica\AppData\Local\CrashDumps
    2015-01-21 16:33 - 2012-09-01 18:07 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-19 09:59 - 2015-01-04 11:10 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\HpUpdate
    2015-01-17 12:55 - 2013-09-18 07:25 - 00000000 ____D () C:\Users\Jessica\Downloads\Druide_Téléchargement
    2015-01-15 21:15 - 2013-08-15 01:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 20:56 - 2012-09-01 09:52 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-12 10:40 - 2009-07-14 00:45 - 00497848 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-11 21:27 - 2014-02-09 21:21 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Origin
    2015-01-11 21:25 - 2012-08-31 21:32 - 00136880 _____ () C:\Users\Jessica\AppData\Local\GDIPFONTCACHEV1.DAT

    ==================== Files in the root of some directories =======

    2012-08-31 19:00 - 2012-08-31 19:00 - 0012358 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JCM.{PB
    2012-08-31 19:00 - 2012-08-31 19:00 - 0061678 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JPR.{PB
    2014-01-28 15:38 - 2014-01-28 15:38 - 0018408 _____ () C:\Users\Jessica\AppData\Roaming\UserTile.png
    2014-08-30 09:59 - 2014-10-02 04:11 - 0000069 _____ () C:\Users\Jessica\AppData\Roaming\WB.CFG
    2014-03-02 18:34 - 2014-03-02 18:34 - 0000218 _____ () C:\Users\Jessica\AppData\Local\recently-used.xbel
    2015-01-04 11:09 - 2015-01-04 11:09 - 0000057 _____ () C:\ProgramData\Ament.ini

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-04 00:21

    ==================== End Of Log ============================

  7. #17
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Jess37,

    Your log appears to be clean.
    We have a few items to take care of before we get to the All Clean Speech.

    = = = = = = = = = = = = = = = = = = = =

    Uninstall via Programs and Features

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
    • Adobe Reader 10.1.8

    =========================

    Adobe Flash Player:

    Go to http://get.adobe.com/flashplayer/?no_ab=1
    • Remove the check mark from the box "Install Google Drive"
    • Click the Download button, and follow the onscreen directions to complete the installation.
    Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

    =========================

    Update Firefox

    • In the upper left corner of your browser window click the Help menu.
    • Wait for the Help menu to expand, then click on About Firefox
    • A small window will open similar to the one below.


    • Click on the Update button as shown in the image above.
    • Allow Mozilla Firefox to update, reboot if instructed to do so.

    =========================

    Update Chrome

    https://support.google.com/chrome/answer/95414?hl=en

    =========================

    Remove Disinfection Tools

    • Download Delfix
    • Tick the following boxes:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore




    • Click Run
    • Any other tools and files found can simply be deleted or uninstalled via the Control Panel.

    = = = = = = = = = = = = = = = = = = = =


    With the above items taken care of let's move on to the All Clean part of the process.

    The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

    This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

    Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

    Here are some tips to reduce the potential for spyware infection in the future:

    Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate windows and frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

    Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

    Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

    Free Anti-Virus

    Free Firewall
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

    = = = = = = = = = = = = = = = = = = = =

    Be prepared for CryptoLocker:

    Cryptolocker Ransomware: What You Need To Know
    CryptoLocker Ransomware Information Guide and FAQ

    To help protect your computer in the future I recommend that you get the following free program:

    CryptoPrevent - install this program to lock down and prevent crypto-ransomware



    = = = = = = = = = = = = = = = = = = = =

    COMPUTER SECURITY - a short guide to staying safer online

    = = = = = = = = = = = = = = = = = = = =

    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
    • Green should be good to go
    • Yellow for caution
    • Red to stop

    = = = = = = = = = = = = = = = = = = = =

    P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.


    = = = = = = = = = = = = = = = = = = = =

    Make sure you keep your Windows OS current.
    • Windows XP:
      Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
      If you are running Windows XP, please take the time to read the information provided at these links.
    • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
    • Windows 8: Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

    Without these you are leaving the back door open.

    = = = = = = = = = = = = = = = = = = = =

    Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

    = = = = = = = = = = = = = = = = = = = =

    Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

    Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
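
Added example, not part of the thread or of any poster's advice: a blocking hosts file like the one recommended in the post above works by mapping unwanted names to a loopback or unspecified address, while an entry carrying any other IP overrides DNS and sends that name to another machine. This Python script audits hosts-file text (it also accepts HijackThis-style `O1 - Hosts:` lines) and lists the redirecting entries for review; the sample entries, hostnames and function names are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# HijackThis reports hosts entries as "O1 - Hosts: <ip> <name>"; strip that prefix if present.
O1_PREFIX = re.compile(r"^\s*O1\s*-\s*Hosts:\s*", re.IGNORECASE)

# Constructed sample input (documentation-range IPs, example domains).
SAMPLE_HOSTS = """\
# Constructed sample, not taken from the thread
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com  # blocked ad server
0.0.0.0         tracker.example.net banners.example.net
O1 - Hosts: 127.0.0.1 popups.example.org
203.0.113.7     update.example.org
O1 - Hosts: 198.51.100.20 login.example.com
not-an-ip       broken.example.com
"""


@dataclass(frozen=True)
class HostsEntry:
    line_no: int
    address: str
    hostname: str
    verdict: str  # "sinkhole", "redirect" or "invalid"


def classify_address(address: str) -> str:
    """Return how an entry with this address affects name resolution."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    # Loopback (127.0.0.0/8, ::1) and the unspecified address (0.0.0.0, ::)
    # keep the request on the local machine, which is how blocking lists work.
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    # Any other address overrides DNS and points the name at that machine.
    return "redirect"


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text into one HostsEntry per (address, hostname) pair."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = O1_PREFIX.sub("", raw)
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            # An address with no hostname (or the reverse) is malformed.
            entries.append(HostsEntry(line_no, fields[0], "", "invalid"))
            continue
        address, names = fields[0], fields[1:]
        verdict = classify_address(address)
        # One line may list several hostnames for the same address.
        for name in names:
            entries.append(HostsEntry(line_no, address, name.lower(), verdict))
    return entries


def suspicious_redirects(entries: List[HostsEntry]) -> List[HostsEntry]:
    """Entries that point a name at a non-loopback address deserve review."""
    return [e for e in entries if e.verdict == "redirect"]


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    for entry in suspicious_redirects(parsed):
        print(f"line {entry.line_no}: {entry.hostname} -> {entry.address} (review)")
    blocked = sum(1 for e in parsed if e.verdict == "sinkhole")
    print(f"{blocked} sinkholed names, {len(parsed)} entries total")
```

A redirect is not automatically malicious (administrators add them on purpose), so the output is a review list rather than a removal list.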

  8. #18
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Default

    I didn't see an option for the Google drive download, but one for mcaffee or something like that... I unchecked the box

    After delfix, there was tweaking and malware bytes left, I uninstalled them from the control panel as it was said.

    then Google said it was already up to date, Firefox it needed an update and Explorer too

    I love Adblock, I have it in Google Chrome already.

    Should I download all 4 of the free antivirus ??????? Avira says Spybot is incompatible so I'm gonna stay with Avast.... And what should I do with HitmanPro? Uninstall it? (honestly, I have no clue why it's on my laptop, probably my dad...)

    I chose Online Armor Free for the firewall, but same question as antivirus, should I get 1 or the 3??? I chose the freeware option instead of the 30 days trial. And the tutorial is really nice thanks

    I installed CryptoPrevent and WOT (only in chrome and explorer because it didn't want to install in firefox, connection problem it says)

    What is the use of MVPS HOSTS? I have adblock plus that blocks these things, right?

    thank you

  9. #19
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Jess37,

    I didn't see an option for the Google drive download, but one for mcaffee or something like that... I unchecked the box
    When installing software you always want to be on the look-out for 3rd party add-ons. If the option is available during an install to choose "custom install", choose that option. This way if there is 3rd party "stuff" included you should be able to opt-out of having that installed alongside the program you intended to install.


    After delfix, there was tweaking and malware bytes left, I uninstalled them from the control panel as it was said.
    That is fine. But just for general knowledge Malwarebytes' is a good program to have on your computer and run periodic scans to stay clean. I would re-install it.

    then Google said it was already up to date, Firefox it needed an update and Explorer too


    I love Adblock, I have it in Google Chrome already.


    Should I download all 4 of the free antivirus ??????? Avira says Spybot is incompatible so I'm gonna stay with Avast.... And what should I do with HitmanPro? Uninstall it? (honestly, I have no clue why it's on my laptop, probably my dad...)
    You should only have one (1) Anti-Virus and one (1) Firewall installed and running at any one time. Having multiples of these types of programs will actually make your system more vulnerable to infection because they work against each other.

    As for HitmanPro, unless it's a paid version I would uninstall it.

    I chose Online Armor Free for the firewall, but same question as antivirus, should I get 1 or the 3??? I chose the freeware option instead of the 30 days trial. And the tutorial is really nice thanks
    See my answer above. One (1) AV and one (1) Firewall. It's your choice which ones you select.

    I installed CryptoPrevent and WOT (only in chrome and explorer because it didn't want to install in firefox, connection problem it says)
    I would retry Firefox. It should install; I have it on my machine using FF.

    What is the use of MVPS HOSTS? I have adblock plus that blocks these things, right?
    No it does not. Here is a brief explanation as to what a Hosts file is and how it works.

    Visit this link to see what a Hosts file looks like: http://www.bleepingcomputer.com/misc/hosts
    (an actual Hosts file is much larger, this is just a sample)

    Take this Hosts file entry:

    O1 - Hosts: 127.0.0.1 100sexlinks.com

    The loop-back address to your computer is 127.0.0.1. If you tried to visit the 100sexlinks.com website, your Hosts file would loop the search back to your own machine to try and resolve the search.

    But if the IP was for the real 100sexlinks.com website, and I don't know what that is but let's just say 66.102.0.0 (not real, but Google's IP) then your computer would resolve the search and direct you to that website.

    O1 - Hosts: 66.102.0.0 100sexlinks.com - this entry would direct you to the sexlinks website if the IP was legitimate (really Google)

    O1 - Hosts: 127.0.0.1 google.com - this entry would block Google

    I hope that explains it a little better.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
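
The hosts-file behaviour explained in the post above, as an added example that is not part of the original thread: a small Python audit that reads hosts-file text and reports which names are blocked (pointed at the loop-back or unspecified address) and which are redirected to some other address. The sample file and the `example` host names in it are constructed for illustration; `google.com` and `66.102.0.0` are reused from the post.

```python
import ipaddress

# Constructed sample in the standard hosts-file format (not from a real machine).
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # two names on one line
0.0.0.0         banners.example.org
66.102.0.0      shop.example.com
127.0.0.1       google.com
not-an-ip       broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs; skips comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield ip, name.lower()


def classify(text):
    """Map each hostname to 'local', 'blocked' or 'redirected'."""
    result = {}
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            result[name] = "local"
        elif ip.is_loopback or ip.is_unspecified:
            result[name] = "blocked"      # lookup never leaves this machine
        else:
            result[name] = "redirected"   # name is pinned to this address
    return result


if __name__ == "__main__":
    for name, verdict in sorted(classify(SAMPLE_HOSTS).items()):
        print(f"{verdict:10} {name}")
```

A "redirected" entry that you did not add yourself is the one to look at first, because it decides which server that name reaches.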

  10. #20
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Default

    Okay that's good to know! Gonna check that

    I installed Malwarebytes again and uninstalled HitmanPro, which is a free software

    Firefox still doesn't want to install it...Untitled.jpg and do you know how to hide that bar at the bottom??? It's kinda getting on my nerves (but anyway I don't use firefox that much)

    I don't really understand what it does but I understand that it protects my computer against bad websites. But I don't find where to download it (I clicked on the name and it sent me to a non friendly user interface XD too much text, can't find anything... can you help me for that? I'm not that good haha!)
