System Check removal

Solved
By Andrew1234
Jan 27, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    Post new OTL "Quick scan" log.
  2. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    OTL.txt

    OTL logfile created on: 2/3/2012 10:53:50 PM - Run 4
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mary\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.97 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.66% Memory free
    8.10 Gb Paging File | 6.76 Gb Available in Paging File | 83.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 583.17 Gb Total Space | 407.24 Gb Free Space | 69.83% Space Free | Partition Type: NTFS
    Drive D: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/28 16:18:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
    PRC - [2011/12/23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Mary\AppData\Local\Akamai\netsession_win.exe
    PRC - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    PRC - [2009/02/26 15:11:34 | 000,045,056 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    PRC - [2008/09/12 16:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/09/12 16:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
    PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
    PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
    PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
    PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/12 05:42:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011/10/12 05:36:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
    MOD - [2011/10/12 05:36:39 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011/10/12 05:36:32 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011/10/12 05:35:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/10/12 05:35:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/02/26 15:11:32 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
    MOD - [2009/02/26 15:11:32 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
    MOD - [2008/08/27 18:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
    MOD - [2008/06/09 11:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll
    MOD - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2008/08/26 01:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/09/12 16:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/11/20 20:53:32 | 000,306,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2008/10/29 02:55:52 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/09/21 16:49:58 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2008/09/12 15:48:26 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ????????;127.0.0.1:9421;

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.defaultthis.engineName: " "
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2786678&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems:
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
    FF - prefs.js..extensions.enabledItems:


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/27 20:00:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/27 20:00:47 | 000,000,000 | ---D | M]

    [2009/11/27 00:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Extensions
    [2012/02/01 19:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions
    [2009/11/27 00:41:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/19 09:10:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/03/30 06:11:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/03/30 06:11:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\engine@conduit.com
    [2011/03/30 06:11:46 | 000,000,863 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\searchplugins\conduit.xml
    [2012/01/31 00:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/12/19 09:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/07/03 19:18:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012/01/31 00:02:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
    File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
    File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
    [2010/05/30 14:20:11 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol308.dll
    [2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2012/01/27 22:40:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
    O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
    O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mary\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69C8657C-8380-49AC-9968-AEACC2850F5D}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\cdo - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/09/22 08:35:35 | 000,091,464 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2010/08/25 01:14:07 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/03 00:38:08 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/02/03 00:37:51 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/02/03 00:32:26 | 004,395,020 | R--- | C] (Swearware) -- C:\Users\Mary\Desktop\ComboFix.exe
    [2012/02/03 00:20:12 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\tdsskiller.exe
    [2012/02/02 00:07:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/02/01 22:20:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/01/31 23:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/01/31 00:23:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\TFC.exe
    [2012/01/31 00:05:34 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\JavaRa
    [2012/01/29 16:13:56 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/01/28 16:18:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
    [2012/01/28 16:17:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe.lr6tyx5.partial
    [2012/01/28 15:31:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/27 22:46:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/01/27 19:07:37 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Mary\Desktop\AppRemover.exe
    [2012/01/27 17:06:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/27 17:06:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/27 17:06:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/27 17:06:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/27 17:03:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/27 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\bootkit_remover
    [2012/01/27 15:11:28 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Mary\Desktop\aswMBR.exe
    [2012/01/26 15:57:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mary\Desktop\dds.scr
    [2012/01/25 20:07:14 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Malwarebytes
    [2012/01/25 20:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/25 20:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/25 20:06:50 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/01/25 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/01/25 19:39:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [1 C:\Users\Mary\AppData\Local\*.tmp files -> C:\Users\Mary\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/03 22:55:00 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/03 22:55:00 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/03 22:55:00 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/03 22:47:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/03 22:47:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/03 22:47:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/03 22:47:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/03 22:44:07 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/03 00:32:26 | 004,395,020 | R--- | M] (Swearware) -- C:\Users\Mary\Desktop\ComboFix.exe
    [2012/02/03 00:20:12 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\tdsskiller.exe
    [2012/02/02 00:23:53 | 000,800,211 | ---- | M] () -- C:\Users\Mary\Desktop\ListParts64.exe
    [2012/02/02 00:23:27 | 000,303,059 | ---- | M] () -- C:\Users\Mary\Desktop\ListParts.exe
    [2012/02/02 00:07:36 | 431,684,341 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/02/01 23:12:07 | 000,000,680 | ---- | M] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
    [2012/01/31 00:23:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\TFC.exe
    [2012/01/31 00:18:15 | 000,334,429 | ---- | M] () -- C:\Users\Mary\Desktop\FSS.exe
    [2012/01/31 00:12:51 | 000,869,194 | ---- | M] () -- C:\Users\Mary\Desktop\SecurityCheck.exe
    [2012/01/31 00:04:50 | 000,160,350 | ---- | M] () -- C:\Users\Mary\Desktop\JavaRa.zip
    [2012/01/29 21:21:15 | 000,000,000 | ---- | M] () -- C:\Users\Mary\AppData\Local\prvlcl.dat
    [2012/01/28 19:33:05 | 000,684,297 | ---- | M] () -- C:\Users\Mary\Desktop\unhide.exe
    [2012/01/28 19:32:51 | 000,684,297 | ---- | M] () -- C:\Users\Mary\Desktop\unhide.exe.eaajcmq.partial
    [2012/01/28 16:18:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
    [2012/01/28 16:17:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe.lr6tyx5.partial
    [2012/01/27 22:40:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/01/27 19:07:37 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Mary\Desktop\AppRemover.exe
    [2012/01/27 15:44:06 | 000,044,607 | ---- | M] () -- C:\Users\Mary\Desktop\bootkit_remover.zip
    [2012/01/27 15:41:46 | 000,000,512 | ---- | M] () -- C:\Users\Mary\Desktop\MBR.dat
    [2012/01/27 15:11:34 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Mary\Desktop\aswMBR.exe
    [2012/01/26 15:57:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mary\Desktop\dds.scr
    [2012/01/25 20:09:01 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/22 20:44:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2012/01/18 13:00:18 | 000,024,064 | ---- | M] () -- C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/17 16:53:22 | 000,000,104 | ---- | M] () -- C:\Users\Mary\Desktop\Internet - Shortcut.lnk
    [1 C:\Users\Mary\AppData\Local\*.tmp files -> C:\Users\Mary\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/03 19:15:01 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2012/02/02 00:23:53 | 000,800,211 | ---- | C] () -- C:\Users\Mary\Desktop\ListParts64.exe
    [2012/02/02 00:23:27 | 000,303,059 | ---- | C] () -- C:\Users\Mary\Desktop\ListParts.exe
    [2012/02/02 00:07:36 | 431,684,341 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/02/01 23:11:49 | 000,000,680 | ---- | C] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
    [2012/01/31 00:18:15 | 000,334,429 | ---- | C] () -- C:\Users\Mary\Desktop\FSS.exe
    [2012/01/31 00:12:51 | 000,869,194 | ---- | C] () -- C:\Users\Mary\Desktop\SecurityCheck.exe
    [2012/01/31 00:04:49 | 000,160,350 | ---- | C] () -- C:\Users\Mary\Desktop\JavaRa.zip
    [2012/01/28 19:33:05 | 000,684,297 | ---- | C] () -- C:\Users\Mary\Desktop\unhide.exe
    [2012/01/28 19:32:51 | 000,684,297 | ---- | C] () -- C:\Users\Mary\Desktop\unhide.exe.eaajcmq.partial
    [2012/01/27 17:06:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/27 17:06:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/27 17:06:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/27 17:06:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/27 17:06:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/27 15:44:06 | 000,044,607 | ---- | C] () -- C:\Users\Mary\Desktop\bootkit_remover.zip
    [2012/01/27 15:41:46 | 000,000,512 | ---- | C] () -- C:\Users\Mary\Desktop\MBR.dat
    [2012/01/25 20:09:01 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/22 20:44:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2012/01/17 16:53:22 | 000,000,104 | ---- | C] () -- C:\Users\Mary\Desktop\Internet - Shortcut.lnk
    [2011/05/07 09:17:44 | 000,000,000 | ---- | C] () -- C:\Users\Mary\AppData\Local\prvlcl.dat
    [2011/03/27 20:22:25 | 000,000,556 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\wklnhst.dat
    [2010/12/26 14:21:30 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/12/26 14:21:30 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/03/06 10:09:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/12/03 10:33:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/03 10:32:57 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/12/03 10:32:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/11/27 00:38:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/10/05 08:01:35 | 000,024,064 | ---- | C] () -- C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/05 22:16:08 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2009/04/02 03:22:25 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
    [2009/04/02 03:22:25 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
    [2009/04/02 03:22:25 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
    [2009/04/02 03:22:25 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
    [2009/04/02 02:26:19 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/04/02 02:02:11 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2010/04/27 22:03:38 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Amazon
    [2010/03/06 10:18:39 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Canon
    [2010/03/12 17:43:05 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/10/23 13:44:39 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Flip Video
    [2011/03/27 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Template
    [2012/01/07 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\uTorrent
    [2009/09/05 21:48:36 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\WildTangent
    [2012/02/03 22:45:57 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
  3. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on Settings button
      • In Scan scope leave pre-checked items as they are and also checkmark My Computer
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on Report button then on Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All then right click again and click Copy.
    • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
  4. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    Kaspersky has been running for 19 hours and says it has 1 day left. I don't have a problem with waiting that long but I was wondering if this is normal and ok for it to run this long?
  5. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    Kaspersky takes time.
    Keep it going.
  6. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    Has about three hours left
  7. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    OK...........
  8. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    Kaspersky momentarily froze once I attempted to copy the automatic scan report and then closed out. I reopened the program and it no longer had any record of the detected threats or the scan, and closed out again.
  9. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    What are the current issues?
  10. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    Other than Windows icons on the desktop items, nothing much. Although Kaspersky said there were nine infections and malicious files, I didn't get to see what they were. Only other thing I can think of is when the computer is starting up, it makes a little noise repeatedly until it reaches the login screen, which started a day or two before I started the Kaspersky scan.
  11. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    At this point I'm totally out of ideas why those icons happen.
    I don't see anything malicious there.
     
  12. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    Ok. What should I think about the infections Kaspersky found?
  13. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    I don't know what it was but whatever it was Kaspersky should have cured it.
  14. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    As I was trying to copy the report it said that I should neutralize all threats but obviously never got past copying the report so I never was able to click "neutralize".
  15. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    I'm not sure what to tell you...
  16. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    Ok. I very much appreciate your help. Thank you, Broni
  17. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    You're welcome....
  18. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    Forgot about this post. I only did step 1. Should I complete the list?
     
  19. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    Yes, go ahead....
  20. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    Broni, I went on to the Kaspersky forums and found out that you have to manually neutralize the detections. So I'm running it again using the instructions you gave me for the first one. Just to be sure, I'm supposed to do this with AVG uninstalled, correct? This is actually my second attempt at re-scanning; my computer froze in sleep mode, which is something it does very seldom. The first caught a Trojan so I neutralized it.
  21. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    That will speed up the scan.
  22. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    It found HEUR:Trojan.Script.Generic
  23. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    I can only comment when I see the log.
  24. Andrew1234

    Andrew1234 TechSpot Enthusiast Topic Starter Posts: 113

    Kaspersky is running extremely slow compared to the other scans. Estimated finish is in 21 days. Any suggestions?
  25. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in the upper right corner.

