Channel: Tech Support Guy - Virus & Other Malware Removal

loading pages problem

Hi

Looks like your thread was overlooked, as these forums can be very busy :(

Are you still having this problem? If so, can you run the following for me, and we'll go from there :)

---------

Download Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------

Download OTL to your Desktop


(Vista or Win 7 => right click and Run As Administrator)
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • At the top, check the box entitled Scan All Users
  • Toward the bottom, check:
    All Users
    LOP Check
    Purity Check
  • Under the Standard Registry box change it to All
    Do not change any settings unless otherwise told to do so.
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:

    DRIVES
    netsvcs
    activex
    msconfig
    drivers32
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\Installer\*.*
    %windir%\system32\tasks\*.*
    %windir%\system32\tasks\*.* /64
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    pnrpnsp.dll
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    services.exe
    user32.dll
    atapi.sys
    csrss.exe
    PRINTISOLATIONHOST.EXE
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    %systemroot%\system32\drivers\*.sys /lockedfiles
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\* \s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. The scan won't take long.
    A black box will appear, this is part of the custom scan, so don't be alarmed ;)
    IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES

  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Thanks

eddie

Hijacked IE11 / system crashes

Hello anduin,

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

Very Sluggish Computer - Possible Virus? Or need to upgrade parts? [hijackthis log]

Hi,
Last time I posted it was due to some BSODs - The hard drive in my 6mo laptop was failing, and thanks to you lot I got it diagnosed and sent off to Asus for repair. I've had the repaired laptop around 6 months and it was a fresh install - but it's recently been somewhat sluggish. I'd like to think I'm reasonably savvy but everything just seems to take a little too long than what I'd expect for a reasonably fresh laptop. AVAST has always been running and up to date and hasn't reported anything.

Can any of you take a quick look over this HJT log and let me know if there's something wrong, or whether I'm simply expecting too much of the laptop and need to invest in some more RAM? It seems to always be running at ~80% RAM and opening apps can take really quite a long time sometimes. I thought 4 GB of RAM was quite good!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 3981 Mb
Graphics Card: Intel(R) HD Graphics 4000, -2041 Mb
Hard Drives: C: Total - 454969 MB, Free - 94827 MB; D: Total - 953634 MB, Free - 372234 MB;
Motherboard: ASUSTeK COMPUTER INC., S400CA
Antivirus: avast! Antivirus, Updated and Enabled



HJT Log



Thanks a lot!

Malwarebytes?

I just installed and ran this free anti malware program. It detected 90 problems that Adwcleaner didn't see.

Why did I run this program? I was tricked into letting "clickforsupport" remotely scan my computer to locate my forgotten wifi password. Clickforsupport is a scam, and wanted to charge me for locating my wifi password when in reality, the password was located on a label on the bottom of my modem.

Any opinions on this anti malware program?

viRUS AND MALWARE REMOVAL

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Starter, Service Pack 1, 32 bit
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz, x64 Family 6 Model 28 Stepping 10
Processor Count: 2
RAM: 1013 Mb
Graphics Card: Intel(R) Graphics Media Accelerator 3150, 3 Mb
Hard Drives: C: Total - 229003 MB, Free - 194868 MB;
Motherboard: TOSHIBA, PAV10 DDR2
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled

I was on FB and had a post shared by a friend..it was from horrificvideo.com/byby..tried to view it and it said I needed to log on to FB from their link..red flag..but I am not computer savvy..I did that..but before video started I saw that it was child sexual content and immediately tried to delete it..the little arrow for deletion would not even give me the option to delete..it came up save this video..so I went to help (I was on my Android phone) and help said to log on from a computer to delete it..which I did. uh oh..still would not delete..page stopped responding..faded..came back..I did a force stop because I could not close the window..took several tries to get it deleted..BUT too late I realized that my free AVG had not even run the scan, which I always wait for....now computer is just not acting right..very slow to respond to commands, but I have been having trouble for a few weeks on this anyway..I had installed antimalwarebyte free version not sure that is the right name..but it seemed to give me trouble too so I had uninstalled it and tried to uninstall Microsoft Office Student 2007 because I don't use it..I have Open Office..I just have a big mess and no money and need help..I am trying to put in job applications online and cannot afford for my computer to go down..please help..I did a restore and it seemed to work great for a few days..honestly I think it was the antimalware that screwed it up even more..oh wait..I also installed 10bituninstaller because I had accidentally installed the dreaded Ask toolbar..I think THAT is what gave me the worst problem because it was not completely uninstalling..and when I tried to uninstall THAT..oh lord...please help..computer is slow to start..slow to shut down..pages stop responding..slow to act on a command..freezes..etc

dllhost.exe 32~~~~10 running?

Computer seems slow...I ran task manager and find 10 instances of dllhost.exe 32 running at the same time? Some of these are showing 562,000 memory use and others 707,190 use...lots of hard drive spin. I scanned with MalwareBytes, Norton, and Microsoft's Malicious Software tool....all show nothing?

Browser Hijacked

Unfortunately I cannot run and download anything as my browser (on my laptop) has been hijacked. I believe it came in on a very real-looking AVG update. Once the update was completed the next site I went to, the browser was hijacked by a page demanding money be paid to it. I am sending this from my main computer. Is there a program to put on a USB stick that I can run on my laptop to clean this up?

Music playing in background!


Win 7 Conflict- blue screen crashes-Win Defender vs avast

Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Problems with all Internet Browsers

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel Quad Core i7-960, 3.2 GHz, x86 Family 6 Model 26 Stepping 5
Processor Count: 1
RAM: 4096 MB
Graphics Card: Gigabyte AMD Radeon HD 6850, 1.0 GB
Hard Drives: C: Size-150GB/68.4 Free; D: Size-150GB/36.5 Free; F: Size-200GB/90Free; G: Size 400GB/145.6 Free
Motherboard: Gigabyte G1 Guerrilla
Antivirus: AVG Anti-Virus Free Edition 2012, Updated: Yes, On-Demand Scanner: Enabled

Hello, a few months ago I started having a problem with Internet Explorer continuing to run in the background and freezing and being extremely slow. This seemed to coincide with when Microsoft stopped supporting Windows XP, i.e. no more security updates. Anyway, I figured it was just a Microsoft thing, so I started using Chrome and the same thing happened with it, and so I started using Mozilla Firefox and it does the same thing. Sometimes I will have all three of them running and task manager will not be able to shut them down, and there will be several instances of both Chrome and Internet Explorer running and usually one big one memory usage for Firefox. Anyway, I will have to restart my computer to clear them out because it slows my computer to a crawl. I tried running each of them without any plugins but they still act up, and I have not found any malware or viruses on my computer. (Other than the usual cookie crap, that is.) I am thinking about wiping everything and buying Windows 7 hoping that will solve this problem. But until I can afford to buy Windows 7, I would be very appreciative if you could offer some advice as to what the problem might be and how to fix it.

Thank you so much for your time,
Linda

winlogon.exe - bad image - sysapcrt.dll. After dvdvideosoft installation

askey127,

Many thanks for your advice.

Google Chrome file kxjjjdgf

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

Not sure if I have Malware, Virus, or similar

I finished building a new PC a month or so ago, and recently, I've had problems connecting to the internet. All of my other PCs and devices connect fine. I have a gigabit wired connection and a 1.3GB wireless AC connection. Sometimes I can access the internet, with either network adapter, but after a short period of time, I lose my connection. This happens simultaneously with both adapters. When I right click on my connection in the bottom corner (I'm running Windows 7 Ultimate x64) and select troubleshoot connection, it comes back with the following error, "Windows could not automatically detect this network's proxy settings." In the Network and Connection window, usually there would be an X between my PC and my router or between my router and the globe (WAN), but it shows that I have a connection.

I was also just installing the driver/software for my Lamptron CM615 watercooling/fan controller, which I'm supposed to be able to monitor remotely, and during the installation, I got an error saying "The InstallShield Engine (iKernel.exe) could not be installed. IKernel.exe could not be copied to C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32. Make sure that you have the appropriate privileges to copy files to this folder. (0x20)"

So apparently, I've lost some of my privileges as Admin too. I've deleted my partition, reinstalled the OS on my C drive, which is a pair of Samsung 840 Pros 256GB setup in RAID0, but this continues to happen. I'm guessing that maybe some of the drivers/software for my PC could be infected, and this is why it keeps coming back. I've never been infected with Malware before, but after reading up on some of the articles, this is the only thing I can think of as the problem. Please give me some advice on if it is or not. I work from home and this is my work PC, so I haven't been able to get any work done. I'm running McAfee Internet Security, but I guess it's possible for some things to get past. Please advise. I don't know where to go from here. Thanks.


running slow mySearchDial and more

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU E6600 @ 3.06GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4061 Mb
Graphics Card: Intel(R) G45/G43 Express Chipset, 1806 Mb
Hard Drives: C: Total - 596378 MB, Free - 40577 MB;
Motherboard: Acer, WG43M
Antivirus: AVG AntiVirus 2015, Updated and Enabled


The computer is running very slow, I believe it's been infected or hijacked by spyware and malware.
At this time I have run AVG 2015 and removed all found infections, I also ran Malwarebytes and removed all infections, I ran SUPERAntiSpyware and also removed all threats. I ran CCleaner and removed all old registry entries, temp files etc. I just ran it in the standard default configuration. This morning I woke up and found that Malwarebytes found some of the same infections it found yesterday again, prob still running in memory and not able to be removed with the current list of programs I have used.

Below I attached the log from Malwarebytes that it produced this morning.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/29/2014
Scan Time: 2:55:07 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.28.06
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: CommanderKaiser

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 474781
Time Elapsed: 57 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 28

Physical Sectors: 0
(No malicious items detected)


(end)

I thank you in advance for your assistance.

Help

Hello Meloluv,

Run the following and post the two produced logs...

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thanks,

Kevin...

Trojan Horse Crypt3.BAVF removal

Hi all, have had great advice here in the past and am hoping for some more today.

I have a Trojan horse which is spotted by AVG but when it is healed and rebooted it returns.

Trojan Horse Crypt3.BAVF

C:\ProgramData7692d14f.dot

Any help with its removal greatly appreciated.

Kind regards,

Dan

Removal of Advance Elite?

Managed to find an answer as to how this unwanted item can be deleted, so will be marking this thread as solved.

laptop with administrator section completely ruined

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014
Ran by ebahl_000 (ATTENTION: The logged in user is not administrator) on ZONPATHFINDER on 29-10-2014 18:20:10
Running from C:\Users\ebahl_000\Downloads
Loaded Profile: ebahl_000 (Available profiles: zon & ebahl_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
( ) C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\AppIntegrator64.exe
( ) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
() C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wbrmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wbrmon64.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Retrogamer Home Page Guard 64 bit] => C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\AppIntegrator64.exe [485960 2014-06-10] ( )
HKLM\...\Run: [TelevisionFanatic Home Page Guard 64 bit] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe [485960 2014-07-05] ( )
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [767600 2014-09-28] (Webroot)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [Retrogamer EPM Support] => C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wmedint.exe [12872 2014-06-10] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [Retrogamer Search Scope Monitor] => C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wSrchMn.exe [55368 2014-06-10] (Mindspark)
HKLM-x32\...\Run: [Retrogamer_4w Browser Plugin Loader] => C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wbrmon.exe [61512 2014-06-10] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [Retrogamer_4w Browser Plugin Loader 64] => C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wbrmon64.exe [71752 2014-06-10] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [TelevisionFanatic EPM Support] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe [12872 2014-07-05] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [TelevisionFanatic Search Scope Monitor] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe [55368 2014-07-05] (Mindspark)
HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe [61512 2014-07-05] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader 64] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon64.exe [71752 2014-07-05] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Run: [Google Update] => C:\Users\ebahl_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-23] (Google Inc.)
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\MountPoints2: {1a6df60b-53a7-11e4-82cd-ac7ba148f0c0} - "E:\TL_Bootstrap.exe"
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\MountPoints2: {4b315e66-b847-11e3-825d-ac7ba148f0c0} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-2139192759-2354198401-3335630422-1004\...\MountPoints2: {aa4305c4-4ff8-11e4-82cd-ac7ba148f0c0} - "E:\TL_Bootstrap.exe"
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Internet Explorer\iexplore.exe [810640 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (Mindspark)
URLSearchHook: HKCU - (No Name) - {4cff1016-c2e2-4fdd-9c67-e32200c25ff9} - C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wSrcAs.dll (Mindspark)
SearchScopes: HKLM - DefaultScope {145163FA-AA60-4A4C-869B-7066FCCE6680} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {145163FA-AA60-4A4C-869B-7066FCCE6680} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - DefaultScope {145163FA-AA60-4A4C-869B-7066FCCE6680} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {145163FA-AA60-4A4C-869B-7066FCCE6680} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^XP^xdm044^S10228^us&si=CMSksf_Zr78CFS0YMgodi0IAmg&ptb=447F 88BB-92BA-4EBF-86B1-1FEACDE088D5&psa=&ind=2014080710&st=sb&n=780c6ec6&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {ef80d754-fb77-4a7f-be75-489beebb20c9} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^RG^xdm907^YYA^us&ptb=B0189651-73D6-40DF-94B4-1AEC81168BE7&ind=2014080710&n=780c6ec6&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {145163FA-AA60-4A4C-869B-7066FCCE6680} URL =
SearchScopes: HKCU - {145163FA-AA60-4A4C-869B-7066FCCE6680} URL =
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^XP^xdm044^S10228^us&si=CMSksf_Zr78CFS0YMgodi0IAmg&ptb=447F 88BB-92BA-4EBF-86B1-1FEACDE088D5&psa=&ind=2014080710&st=sb&n=780c6ec6&searchfor={searchTerms}
SearchScopes: HKCU - {ef80d754-fb77-4a7f-be75-489beebb20c9} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^RG^xdm907^YYA^us&ptb=B0189651-73D6-40DF-94B4-1AEC81168BE7&ind=2014080710&n=780c6ec6&psa=&st=sb&searchfor={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Toolbar BHO -> {03123bb6-a811-407e-b323-66cf0be510b1} -> C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wbar.dll (Mindspark)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Search Assistant BHO -> {5d79f641-c168-40df-a32f-bacea7509e75} -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (Mindspark)
BHO-x32: ArcadeYum Addon -> {651CA263-4157-4AC5-B7C2-03A7C1C00457} -> C:\Users\zon\AppData\Local\ArcadeYum\ArcadeYumIEHelper.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: No Name -> {b4a89cd3-c5f5-49c4-abcf-5f26d636476f} -> No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Toolbar BHO -> {cb41fc95-f1b3-4797-8bb6-1012ff62abba} -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (Mindspark)
BHO-x32: Search Assistant BHO -> {d757dbfc-1494-4647-a8b3-abd654988dd8} -> C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wSrcAs.dll (Mindspark)
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM-x32 - Retrogamer - {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wbar.dll (Mindspark)
Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (Mindspark)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - Retrogamer - {3392CFEC-56F8-41EE-BDB4-4E301EFD2C93} - C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wbar.dll (Mindspark)
Toolbar: HKCU - TelevisionFanatic - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (Mindspark)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\ebahl_000\AppData\Roaming\Mozilla\Firefox\Profiles\6dys65sy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Retrogamer_4w.com/Plugin -> C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\NP4wStub.dll (Mindspark)
FF Plugin-x32: @TelevisionFanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (Mindspark)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\ebahl_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\ebahl_000\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\ebahl_000\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\ebahl_000\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ebahl_000\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ebahl_000\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Webroot Password Manager - C:\Users\ebahl_000\AppData\Roaming\Mozilla\Firefox\Profiles\6dys65sy.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2014-10-08]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-03-27]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07]
CHR Extension: (Google Drive) - C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-07]
CHR Extension: (YouTube) - C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07]
CHR Extension: (Google Search) - C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07]
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-10-13]
CHR Extension: (Webroot Filtering Extension) - C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-08-07]
CHR Extension: (Hangouts) - C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-08-07]
CHR Extension: (Google Wallet) - C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07]
CHR Extension: (Webroot Password Manager) - C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-08-07]
CHR Extension: (Gmail) - C:\Users\ebahl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [jmfmbeipcnbmgifkjkhppnjiffmpmpga] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2013-09-27]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.32.crx [2014-03-27]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-03-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-24] (WildTangent)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 Retrogamer_4wService; C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wbarsvc.exe [88648 2014-06-10] (COMPANYVERS_NAME)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [88648 2014-07-05] (COMPANYVERS_NAME)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [767600 2014-09-28] (Webroot)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)
S2 Update Laflurla; "C:\Program Files (x86)\Laflurla\updateLaflurla.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-09-28] (Webroot)
S3 iscFlash; \??\C:\Windows\Temp\ArchesP10SP10SG_BIOS_V150_WIN\x64\iscflashx64.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 18:18 - 2014-10-29 18:18 - 00031353 _____ () C:\Users\ebahl_000\Downloads\Addition.txt
2014-10-29 18:17 - 2014-10-29 18:20 - 00033514 _____ () C:\Users\ebahl_000\Downloads\FRST.txt
2014-10-29 18:16 - 2014-10-29 18:20 - 00000000 ____D () C:\FRST
2014-10-29 18:16 - 2014-10-29 18:16 - 02113536 _____ (Farbar) C:\Users\ebahl_000\Downloads\FRST64.exe
2014-10-29 18:14 - 2014-10-29 18:14 - 01105408 _____ (Farbar) C:\Users\ebahl_000\Desktop\FRST.exe
2014-10-28 22:23 - 2014-10-28 22:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-28 20:00 - 2014-10-28 20:00 - 00004163 _____ () C:\Users\ebahl_000\Downloads\TheKingdomKeepers.odm
2014-10-28 19:16 - 2014-10-28 19:16 - 00004522 _____ () C:\Users\ebahl_000\Downloads\20thCenturyGhosts9781415945988(1).odm
2014-10-28 19:15 - 2014-10-28 19:16 - 00004522 _____ () C:\Users\ebahl_000\Downloads\20thCenturyGhosts9781415945988.odm
2014-10-28 10:09 - 2014-10-28 10:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-28 10:09 - 2014-10-28 10:09 - 00001868 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-28 10:09 - 2014-10-28 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-27 21:59 - 2014-10-27 21:59 - 00002438 _____ () C:\Users\ebahl_000\Desktop\WirelessDiagLog.csv
2014-10-24 17:47 - 2014-10-24 17:47 - 00968642 _____ () C:\Users\ebahl_000\Downloads\rent documents.zip
2014-10-23 23:57 - 2014-10-23 23:57 - 00000000 ____D () C:\Users\ebahl_000\AppData\Local\Secunia PSI
2014-10-20 15:44 - 2014-10-20 15:44 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-20 15:44 - 2014-10-20 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-20 15:42 - 2014-10-26 13:49 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-20 15:42 - 2014-10-20 15:43 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-20 15:42 - 2014-10-20 15:43 - 00000000 ____D () C:\Program Files\iTunes
2014-10-20 15:42 - 2014-10-20 15:42 - 00000000 ____D () C:\Program Files\iPod
2014-10-19 14:54 - 2014-10-24 19:44 - 00151040 ___SH () C:\Users\ebahl_000\Downloads\Thumbs.db
2014-10-19 14:54 - 2014-10-19 14:54 - 00015872 ___SH () C:\Users\ebahl_000\Documents\Thumbs.db
2014-10-18 17:51 - 2014-10-18 17:51 - 00000363 _____ () C:\Users\ebahl_000\Documents\Aiala, Cortus, and Gaius (4).lnk
2014-10-15 08:43 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 08:43 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-15 08:43 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-15 08:43 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-15 08:42 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 08:42 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 08:42 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 08:42 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-15 08:42 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-15 08:42 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-15 08:42 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-15 08:42 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-15 08:42 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-15 08:42 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-15 08:42 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-15 08:42 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-15 08:42 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-15 08:42 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-15 08:42 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-15 08:42 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-15 08:42 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-15 08:41 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 08:41 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 08:41 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 08:41 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 08:41 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 08:41 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 08:41 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 08:41 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 08:41 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 08:41 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 08:41 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 08:41 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 08:41 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 08:41 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 08:41 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 08:41 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 08:41 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 08:41 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 08:41 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 08:41 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 08:41 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 08:41 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 08:41 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 08:41 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 08:41 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 08:41 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 08:41 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 08:41 - 2014-09-13 01:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 08:41 - 2014-09-13 00:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 08:41 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 08:41 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 08:41 - 2014-08-15 23:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-15 08:41 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-15 08:41 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-15 08:41 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-15 08:41 - 2014-08-15 22:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-15 08:41 - 2014-08-15 22:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-15 08:41 - 2014-08-15 22:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-15 08:41 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-15 08:41 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-15 08:41 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-15 08:41 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-15 08:41 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-15 08:41 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-15 08:41 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-15 08:41 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-15 08:41 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-15 08:41 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-15 08:41 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-15 08:41 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-15 08:41 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 08:41 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-15 08:41 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-15 08:41 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-15 08:41 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 08:41 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-15 08:41 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-15 08:41 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-15 08:41 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 08:41 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-15 08:41 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-15 08:41 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-15 08:41 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-15 08:41 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 08:41 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-15 08:41 - 2014-07-31 18:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-15 08:35 - 2014-10-09 17:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 08:35 - 2014-10-08 17:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 08:35 - 2014-09-18 20:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 08:35 - 2014-09-13 01:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 08:35 - 2014-09-13 00:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 08:35 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-15 08:35 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-15 08:35 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-15 08:26 - 2014-10-15 08:26 - 00006381 _____ () C:\Users\ebahl_000\Downloads\NOS4A29780062237743.odm
2014-10-13 19:00 - 2014-10-13 19:00 - 00000000 ____D () C:\Users\ebahl_000\AppData\Roaming\Yahoo!
2014-10-13 18:55 - 2014-10-13 18:55 - 00000000 ____D () C:\Users\zon\AppData\Roaming\Yahoo!
2014-10-13 18:55 - 2014-10-13 18:55 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-10-13 18:54 - 2014-10-13 18:55 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-10-13 18:54 - 2014-10-13 18:54 - 00001168 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2014-10-13 18:54 - 2014-10-13 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-10-13 18:51 - 2014-10-13 18:55 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-10-13 18:45 - 2014-10-13 18:45 - 00691576 _____ (Yahoo! Inc.) C:\Users\ebahl_000\Downloads\msgr11us.exe
2014-10-02 14:23 - 2014-10-02 14:23 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2014-10-02 14:23 - 2014-10-02 14:23 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 18:20 - 2014-07-16 23:18 - 01302382 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 18:17 - 2014-03-27 00:00 - 00000000 ____D () C:\ProgramData\WRData
2014-10-29 18:15 - 2014-08-07 09:47 - 00000000 ___DO () C:\Users\ebahl_000\OneDrive
2014-10-29 18:13 - 2014-08-07 11:15 - 00000000 ___RD () C:\Users\ebahl_000\Google Drive
2014-10-29 18:11 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 18:10 - 2014-09-21 16:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-29 18:10 - 2014-07-17 03:19 - 01867462 _____ () C:\Windows\PFRO.log
2014-10-29 18:10 - 2013-11-05 05:48 - 00000000 ____D () C:\ProgramData\Norton
2014-10-29 18:09 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-29 18:07 - 2014-08-07 17:57 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2139192759-2354198401-3335630422-1004UA.job
2014-10-29 18:03 - 2014-08-07 09:48 - 00000000 __SHD () C:\Users\ebahl_000\AppData\Local\EmieSiteList
2014-10-29 18:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-29 17:49 - 2014-09-21 17:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-29 17:47 - 2014-08-07 09:36 - 00000000 ____D () C:\Users\ebahl_000\AppData\Local\Packages
2014-10-29 17:47 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-29 17:24 - 2014-02-25 22:33 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-29 13:32 - 2014-05-08 13:27 - 00000948 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2139192759-2354198401-3335630422-1001UA.job
2014-10-29 13:32 - 2014-05-08 13:27 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2139192759-2354198401-3335630422-1001Core.job
2014-10-29 13:27 - 2014-07-14 12:32 - 00000442 _____ () C:\Windows\Tasks\ArcadeYum.job
2014-10-29 07:24 - 2014-08-07 11:58 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-29 00:07 - 2014-08-07 17:57 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2139192759-2354198401-3335630422-1004Core.job
2014-10-28 20:08 - 2014-08-07 17:57 - 00000000 ____D () C:\Users\ebahl_000\AppData\Roaming\Mozilla
2014-10-28 09:54 - 2014-07-27 20:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-27 22:50 - 2014-03-27 00:08 - 00002213 ____N () C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2014-10-27 22:50 - 2013-11-05 05:32 - 00002495 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
2014-10-27 22:50 - 2013-11-05 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-27 22:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-27 22:00 - 2014-03-26 23:23 - 00000000 __RDO () C:\Users\zon\SkyDrive
2014-10-27 21:07 - 2014-03-31 15:52 - 00000000 ____D () C:\ProgramData\Hero Lab
2014-10-24 23:18 - 2013-11-05 05:32 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-10-22 13:51 - 2014-08-12 07:26 - 00000000 ____D () C:\Users\ebahl_000\AppData\Roaming\Skype
2014-10-22 13:47 - 2014-03-27 17:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-22 13:47 - 2014-03-27 17:58 - 00000000 ____D () C:\ProgramData\Skype
2014-10-22 12:12 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-10-20 15:42 - 2014-09-15 14:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-20 15:42 - 2014-05-08 12:09 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-20 08:36 - 2014-07-17 03:19 - 00362680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 08:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-20 08:31 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-20 08:31 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-20 08:31 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-20 08:31 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera
2014-10-19 14:19 - 2014-02-25 22:33 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 00:57 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-19 00:41 - 2014-04-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Laflurla
2014-10-19 00:33 - 2014-08-10 14:54 - 00000000 ____D () C:\Users\ebahl_000\AppData\Local\Adobe
2014-10-19 00:23 - 2014-07-09 10:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-19 00:23 - 2014-03-29 14:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 00:21 - 2014-03-29 14:37 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-18 13:06 - 2014-03-27 00:00 - 00000000 ____D () C:\Program Files\Webroot
2014-10-17 12:23 - 2014-08-07 09:45 - 00000000 ____D () C:\Users\ebahl_000\AppData\Roaming\Apple Computer
2014-10-14 14:29 - 2013-11-05 04:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-13 18:59 - 2014-08-07 09:36 - 00000000 ____D () C:\Users\ebahl_000\AppData\Local\VirtualStore
2014-10-13 18:51 - 2014-08-13 18:14 - 00000000 ____D () C:\Users\ebahl_000\AppData\Local\CrashDumps
2014-10-11 17:24 - 2014-04-27 12:34 - 00000000 ___RD () C:\Users\zon\Google Drive
2014-10-08 21:17 - 2014-08-07 09:36 - 00000000 ____D () C:\Users\ebahl_000
2014-10-08 17:52 - 2014-03-27 00:00 - 00154760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-10-08 17:52 - 2014-03-27 00:00 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-10-08 17:51 - 2014-08-11 07:23 - 859112956 _____ () C:\Windows\MEMORY.DMP
2014-10-08 17:51 - 2014-06-22 19:14 - 00000000 ____D () C:\Windows\Minidump
2014-10-08 16:04 - 2014-08-07 17:09 - 00001948 _____ () C:\Windows\setupact.log
2014-10-02 19:37 - 2014-03-26 23:17 - 00000000 ____D () C:\Users\zon
2014-09-29 17:45 - 2013-08-22 10:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 17:45 - 2013-08-22 10:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================

Attached Files
File Type: txt Addition.txt (30.6 KB)
File Type: txt Shortcut.txt (47.7 KB)

mindspark removal

I tried to download a user's manual for the Panasonic KX-T7453 phone system I am saddled with, so I could make better use of the expletive deleted. The site instead started loading various hijacking programs onto the unit. I ran both ESET and HMP, separately. But I found that Mindspark has replaced Chrome - and with it access to my gmail account, and blocked access to gmail through chrome or IE.
We are NOT amused. I tried resetting the tabs and clearing the browsing history. I went to Control Panel (Win 7 Pro SP1 64) and removed - or so one would have thought - the identifiable malefactors. Nothing has budged it one nanometer. Chrome and gmail both blocked/replaced. Need help, urgently. :mad:

What is gtubrwkvzypn.exe

Does anyone know what gtubrwkvzypn.exe is for?
It is located in folder:
C:\Users\John\AppData\LocalLow\ge4644\gejhmmbcmyg\rlltlvx

Norton says it is not performing any suspicious actions, but Norton also reports that it is using a lot of process resources. Any info on this would be appreciated.

John