
Help - Popups are killing me-(Solved)


chattykay

Something has happened to my computer. When I open up my Internet Explorer and try to go to a site, numerous other windows open up and are very irritating. I saw a post from someone that seems to be having the same problem and they were told to do the Farbar scan and post the results, so that is what I did. Hope this is right (I am a senior and not really computer savvy). A little background: my husband called Norton trying to get this straightened out and they spent a good deal of time and they helped a little but did not solve my problem. I also read a couple of things and downloaded Emsisoft Anti Malware program and they gave a list of things they could not change. Really hoping you can help --- at my wits' end!! Here are the postings from Farbar. Sorry I do not know how to zip files.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Bedroom (administrator) on BEDROOM-PC on 07-07-2014 16:41:43
Running from C:\Users\Bedroom\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.)
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe () C:\Users\Bedroom\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe () C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgalry.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] () HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard) HKLM-x32\...\Run: [hpqSRMon] => [X] HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [bingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) HKLM-x32\...\Run: [fst_us_114] => [X] HKLM-x32\...\Run: [t4pc_en_6] => [X] HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4842336 2014-07-05] (Emsisoft GmbH) HKLM-x32\...\Runonce: [sMRequiresRestart] - [X] HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-280013538-1748576864-239738109-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2551656 2012-01-31] (Hewlett-Packard Co.) 
HKU\S-1-5-21-280013538-1748576864-239738109-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Bedroom\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-280013538-1748576864-239738109-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-280013538-1748576864-239738109-1000\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-280013538-1748576864-239738109-1000\...\MountPoints2: {df3f4179-64a8-11df-8ead-0026180644ab} - G:\LaunchU3.exe -a HKU\S-1-5-21-280013538-1748576864-239738109-1000\...\MountPoints2: {df3f4181-64a8-11df-8ead-0026180644ab} - M:\LaunchU3.exe -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) Startup: C:\Users\Bedroom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
Startup: C:\Users\Bedroom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\Bedroom\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe () Startup: C:\Users\Bedroom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\Bedroom\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC) BootExecute: autocheck autochk /p \??\C:autocheck smrgdf C:\Users\Bedroom\AppData\Roaming\iolo\ GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2B86B3F80697CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delawareonline.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1403469313&from=air&uid=ST31000333AS_9TE24RTA&i=psd&t=344886c0e&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1403469313&from=air&uid=ST31000333AS_9TE24RTA&i=psd&t=344886c0e&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1403469313&from=air&uid=ST31000333AS_9TE24RTA&i=psd&t=344886c0e&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1403469313&from=air&uid=ST31000333AS_9TE24RTA&i=psd&t=344886c0e HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1403469313&from=air&uid=ST31000333AS_9TE24RTA&i=psd&t=344886c0e&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1403469313&from=air&uid=ST31000333AS_9TE24RTA&i=psd&t=344886c0e&q={searchTerms} SearchScopes: HKLM-x32 - {1E75F549-593C-4890-BAC3-C26DFA7D2B98} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1403469313&from=air&uid=ST31000333AS_9TE24RTA&i=psd&t=344886c0e&q={searchTerms} SearchScopes: HKLM-x32 - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm019YYUS&ptb=cRkk9B1LfGCvBTaPEZVveg&ind=2010102710&ptnrS=ZLxdm019YYUS&si=&n=77cfbbb6&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM-x32 - {64FACBAB-65BD-4308-8C71-8D651EAC607D} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/web?src=ieb&q={searchTerms} SearchScopes: HKLM-x32 - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZU^xdm080^S01630^us&si=CPrTg6KtqLACFYhM4AodJRibZw&ptb=466DF877-49CD-418F-BF4A-D2C898D523DB&ind=2012053011&n=77ed7e13&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2857571 SearchScopes: HKLM-x32 - 
{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm003^S06473^us&si=CMre0Nr0grkCFcef4AodASkAnw&ptb=E60A831D-FE60-48B8-BA17-0C02182D0A49&ind=2013081617&n=77fd3011&psa=&st=sb&searchfor={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: No Name - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - No File BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-x32: No Name - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - No File BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) BHO-x32: No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File BHO-x32: No Name - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - No File BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.625.1\NativeBHO.dll No File Toolbar: HKLM-x32 - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {F5046A39-68F3-4732-995F-EB2EA26D93FB} - No File Toolbar: HKCU - No Name - {313A832A-AAF3-4880-A8D0-C42BEE319C02} - No File Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File Toolbar: HKCU - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File Toolbar: HKCU - No Name - {16BB67E0-6319-4077-BE84-F41269E051F3} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {26BFFB87-5B07-4611-82BB-AF3947013FDD} http://www.lexis.com/dl/iedap_x86.cab DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files 
(x86)\Yahoo!\Common\Yinsthelper.dll DPF: HKLM-x32 {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Bedroom\AppData\Roaming\Mozilla\Firefox\Profiles\nwr4b26m.default FF DefaultSearchEngine: Xfinity.com Search FF DefaultSearchEngine: Xfinity.com Search FF SearchEngineOrder.1: Xfinity.com Search FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF user.js: detected! 
=> C:\Users\Bedroom\AppData\Roaming\Mozilla\Firefox\Profiles\nwr4b26m.default\user.js FF SearchPlugin: C:\Users\Bedroom\AppData\Roaming\Mozilla\Firefox\Profiles\nwr4b26m.default\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinitylcsearch.xml FF Extension: Delta Toolbar - C:\Users\Bedroom\AppData\Roaming\Mozilla\Firefox\Profiles\nwr4b26m.default\Extensions\ffxtlbr@delta.com [2013-08-06] FF Extension: No Name - C:\Users\Bedroom\AppData\Roaming\Mozilla\Firefox\Profiles\nwr4b26m.default\Extensions\shopcbtoolbar@befrugal.com [2014-04-26] FF Extension: XFINITY Toolbar - C:\Users\Bedroom\AppData\Roaming\Mozilla\Firefox\Profiles\nwr4b26m.default\Extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f} [2013-03-26] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-21] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-15] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-21] Chrome: ======= CHR DefaultSearchKeyword: xfinity.com search CHR DefaultSearchProvider: Xfinity.com Search CHR DefaultSearchURL: http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Google Docs) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake 
[2014-05-30] CHR Extension: (Google Drive) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-30] CHR Extension: (Speedial) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-06-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-14] CHR Extension: (YouTube) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-30] CHR Extension: (Google Search) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-30] CHR Extension: (Motive Extension) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-05-30] CHR Extension: (Delta Toolbar) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2014-05-30] CHR Extension: (XFINITY Constant Guard Protection Suite) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\faknfdmfmhcmgphbfjhgmomfcihmocmp [2014-05-30] CHR Extension: (MixiDJ V31) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaikkamgfhkjbadgihldfmkpngkhgbb [2014-05-30] CHR Extension: (Google Wallet) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-30] CHR Extension: (Gmail) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-30] CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Bedroom\AppData\Local\speedial.crx [2014-04-10] CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Bedroom\AppData\Local\speedial.crx [2014-04-10] CHR 
HKCU\...\Chrome\Extension: [nmaikkamgfhkjbadgihldfmkpngkhgbb] - C:\Users\Bedroom\AppData\Local\CRE\nmaikkamgfhkjbadgihldfmkpngkhgbb.crx [2013-08-07] CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Bedroom\AppData\Local\speedial.crx [2014-04-10] CHR HKLM-x32\...\Chrome\Extension: [nmaikkamgfhkjbadgihldfmkpngkhgbb] - C:\Users\Bedroom\AppData\Local\CRE\nmaikkamgfhkjbadgihldfmkpngkhgbb.crx [2013-08-07] ==================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4725440 2014-07-05] (Emsisoft GmbH) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.) R3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries) S4 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed] S2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) 
[File not signed] R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED) R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-04-30] (iolo technologies, LLC) S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed] R2 SupraSavingsService64; C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed] R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed] ==================== Drivers (Whitelisted) ==================== R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation) R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-06-21] () S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.) 
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-16] () R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}w64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys [61120 2014-06-16] (StdLib) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-03-19] (CyberLink Corp.) S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X] S3 EraserUtilDrv11220; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [X] S3 EraserUtilDrv11310; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11310.sys [X] S3 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X] S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X] S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] S1 qknfd; system32\drivers\qknfd.sys [X] S0 SMR430; System32\drivers\SMR430.SYS [X] S1 ssnfd; system32\drivers\ssnfd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-07 16:41 - 2014-07-07 16:42 - 00024634 _____ () C:\Users\Bedroom\Desktop\FRST.txt 2014-07-07 16:41 - 2014-07-07 16:41 - 00000000 ____D () C:\FRST 2014-07-07 16:40 - 2014-07-07 16:40 - 02084352 _____ (Farbar) C:\Users\Bedroom\Desktop\FRST64.exe 2014-07-07 12:04 - 2014-07-07 12:04 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{5B87587D-CA6A-474C-8CBC-A7E9382F12B6} 2014-07-07 09:21 - 2014-07-07 09:21 - 19537920 _____ () C:\Users\Bedroom\Documents\Main Quicken 
Acct-2014-07-07.QDF-backup 2014-07-07 09:19 - 2014-07-07 09:19 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{E9A6611E-EBCB-48A8-BF27-F4992BA9152F} 2014-07-06 17:43 - 2014-07-06 17:43 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{8A481EE3-B81D-483E-A083-9D80ADBA4CAB} 2014-07-06 15:29 - 2014-07-06 15:29 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{23DA6FA9-0AC7-4C58-AFA0-CCFA13E7916F} 2014-07-06 15:28 - 2014-07-06 15:28 - 19537920 _____ () C:\Users\Bedroom\Documents\Main Quicken Acct-2014-07-06.QDF-backup 2014-07-06 15:28 - 2014-07-06 15:28 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{658EE958-7A3A-4CBE-AA3C-8904DEB42F8C} 2014-07-06 13:01 - 2014-07-06 13:01 - 00000000 _____ () C:\Windows\system32\smrgdf.txt 2014-07-05 16:32 - 2014-07-05 16:32 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-05 15:42 - 2014-07-05 15:42 - 00001093 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-07-05 15:42 - 2014-07-05 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-05 15:41 - 2014-07-07 16:04 - 00000000 ___HD () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-07-05 15:35 - 2014-07-05 15:35 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Bedroom\Desktop\iExplore.exe 2014-07-05 15:31 - 2014-07-05 15:31 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Bedroom\Downloads\rkill.exe 2014-07-05 09:32 - 2014-07-05 09:32 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{C82FD848-6B9F-45ED-9019-4182F2C9808C} 2014-07-04 12:11 - 2014-07-06 11:24 - 00002568 _____ () C:\Users\Bedroom\Desktop\Rkill.txt 2014-07-04 12:11 - 2014-07-04 12:11 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Bedroom\Downloads\rkill.com 2014-07-04 12:11 - 2014-07-04 12:11 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Bedroom\Downloads\rkill64.com 2014-07-04 11:39 - 2014-07-07 12:16 - 00000000 ____D () C:\Program Files\SupraSavings 2014-07-04 09:28 - 2014-07-04 09:28 - 00000000 ____D () 
C:\Users\Bedroom\AppData\Local\{F9E4A1F8-8B74-4A22-A4AC-A47538CFE40C} 2014-07-03 16:40 - 2014-07-03 17:01 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\NPE 2014-07-03 14:01 - 2014-07-03 14:02 - 00002940 _____ () C:\Users\Bedroom\AppData\Roaming\aps.scan.results 2014-07-03 14:01 - 2014-07-03 14:02 - 00001192 _____ () C:\Users\Bedroom\AppData\Roaming\aps.scan.quick.results 2014-07-03 14:01 - 2014-07-03 14:01 - 00000000 ____D () C:\Users\Bedroom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup 2014-07-03 13:59 - 2014-07-07 13:37 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\SevereWeatherAlerts 2014-07-03 13:59 - 2014-07-03 13:59 - 00003256 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule 2014-07-03 13:59 - 2014-07-03 13:59 - 00000000 ____D () C:\Users\Bedroom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts 2014-07-03 13:59 - 2014-07-03 13:59 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\Weather_Notifications,_LL 2014-07-03 11:36 - 2014-07-03 11:36 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{8E96BD38-0205-401E-8F76-4F6517706275} 2014-07-02 10:22 - 2014-07-02 10:28 - 00000000 ___HD () C:\Program Files (x86)\Constant Guard Protection Suite 2014-07-02 10:00 - 2014-07-02 10:00 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{C530B63C-4B4B-4560-92BD-274DB9D63E1E} 2014-07-01 19:06 - 2014-07-01 19:06 - 19533824 _____ () C:\Users\Bedroom\Documents\Main Quicken Acct-2014-07-01.QDF-backup 2014-07-01 09:05 - 2014-07-01 09:05 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{95E12475-7A67-44E1-8D43-9984DEBE978F} 2014-06-30 15:13 - 2014-07-02 10:09 - 00000000 ____D () C:\Users\Bedroom\AppData\Roaming\Systweak 2014-06-30 15:13 - 2014-06-30 15:13 - 00003340 _____ () C:\Windows\System32\Tasks\Codec Update Service 2014-06-30 15:13 - 2014-06-30 15:13 - 00000000 ___HD () C:\Program Files (x86)\Windows Essentials Codec Pack 2014-06-30 15:13 - 2014-06-30 15:13 - 00000000 ____D () 
C:\Users\Bedroom\AppData\Roaming\Windows Essentials Codec Pack 2014-06-30 15:13 - 2014-06-30 15:13 - 00000000 ____D () C:\Users\Bedroom\AppData\Roaming\WECP 2014-06-30 15:13 - 2014-06-30 15:13 - 00000000 ____D () C:\Users\Bedroom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Essentials Codec Pack 2014-06-30 08:57 - 2014-06-30 08:57 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{442261AD-792A-4304-8E00-E6265AEC116A} 2014-06-29 09:05 - 2014-06-29 09:05 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{73C6C903-F747-48EF-A462-42211BA83E9F} 2014-06-28 19:30 - 2014-06-28 19:30 - 00000283 _____ () C:\Users\Bedroom\Desktop\HP Printing Software.url 2014-06-28 19:30 - 2014-06-28 19:30 - 00000241 _____ () C:\Users\Bedroom\Desktop\HP Windows 7 Full Feature Printer Software alert 1.url 2014-06-28 10:34 - 2014-06-28 10:34 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{0E6C2DA3-3741-411B-8CA4-A7F3D46EE25E} 2014-06-28 09:58 - 2014-07-04 11:39 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\LogMeIn Rescue Applet 2014-06-28 09:28 - 2014-06-28 19:10 - 00000003 _____ () C:\Users\Bedroom\AppData\Local\proxy.log 2014-06-27 18:40 - 2014-06-27 18:40 - 00000000 _____ () C:\autoexec.bat 2014-06-27 18:39 - 2014-06-28 09:17 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-06-27 09:44 - 2014-06-27 09:44 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{B16763D2-6085-47E5-B6FD-3DB1443F7912} 2014-06-26 15:48 - 2014-06-26 15:48 - 00000000 ____D () C:\Users\Default\AppData\Roaming\iolo 2014-06-26 15:48 - 2014-06-26 15:48 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\iolo 2014-06-26 15:23 - 2014-06-27 10:15 - 00000000 ___HD () C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF 2014-06-26 08:15 - 2014-06-26 08:16 - 00000000 ____D () C:\Users\Bedroom\AppData\Local\{87C62EC6-6E6E-4002-8544-1F27D73FD447} 2014-06-25 20:15 - 2014-06-25 20:15 - 00000000 ____D () 


Hi and welcome

 

The scanners I will ask you to run will post logs back in Notepad. At the top of those .txt files please do this:

At the top you will see

File | Edit | Format, click on Format, please uncheck word wrap, this will post the logs where I can read them better.

 

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
*****************

 

Please download Malwarebytes Anti-Malware to your desktop

http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Install the programme and select Update

Once it has updated select Settings > Detection and Protection

Tick Scan for rootkits

 


 

Go back to the Dashboard and select Threat Scan and then click on Scan Now

 


 

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

 


 

On completion of the scan (or after the reboot) select View Detailed Log

Select Export > Select text file and save to the desktop

Attach/Copy and paste that log

 

 

*******

Please post

C:\AdwCleaner.txt

Malwarebytes Anti-Malware log


Could be your computer security protection is interfering but we'll go another route.

 

Locate on your desktop the first txt file Farbar Recovery Scan Tool made, should say FRST.txt, right click on that and select delete.

Do this also for Addition.txt.

 

Next, I want you to run it again

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • At the bottom will be a checkbox next to Addition.txt, please check this box before you run the tool.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Before copying and pasting the logs, at the top of those .txt files please do this:

    At the top you will see

    File | Edit | Format, click on Format, please uncheck word wrap, this will post the logs where I can read them better.


I want you to remove a Chrome - Extension: Speedial

 

Click the Chrome menu button on the browser toolbar, select Tools and then click on Extensions.

 

In the Extensions tab, remove Speedial by clicking on the Recycle Bin at the end of the row.

 

See here--> https://support.google.com/chrome/answer/113907?hl=en

 

~~~~~~~~~~~~~

 

all iolo, slimware and uniblue related products

 

We do not recommend the use of registry cleaners. No registry cleaner is completely safe. Since most do not even create a backup, the potential is ever present to cause more problems than they claim to fix.

If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.

Our colleague miekiemoes has an excellent writeup here

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

 

We suggest uninstalling them via Add or Remove Programs in your Control Panel.

 

***********************

 

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).

 

start

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [fst_us_114] => [X]

HKLM-x32\...\Run: [t4pc_en_6] => [X]

HKLM-x32\...\Runonce: [sMRequiresRestart] - [X]

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {1E75F549-593C-4890-BAC3-C26DFA7D2B98} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM-x32 - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZU^xdm080^S01630^us&si=CPrTg6KtqLACFYhM4AodJRibZw&ptb=466DF877-49CD-418F-BF4A-D2C898D523DB&ind=2012053011&n=77ed7e13&psa=&st=sb&searchfor={searchTerms}

BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.625.1\NativeBHO.dll No File

Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

Toolbar: HKCU - No Name - {F5046A39-68F3-4732-995F-EB2EA26D93FB} - No File

Toolbar: HKCU - No Name - {313A832A-AAF3-4880-A8D0-C42BEE319C02} - No File

Toolbar: HKCU - No Name - {16BB67E0-6319-4077-BE84-F41269E051F3} - No File

FF Extension: No Name - C:\Users\Bedroom\AppData\Roaming\Mozilla\Firefox\Profiles\nwr4b26m.default\Extensions\shopcbtoolbar@befrugal.com [2014-04-26]

CHR Extension: (Delta Toolbar) - C:\Users\Bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2014-05-30]

R2 SupraSavingsService64; C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]

S1 ssnfd; system32\drivers\ssnfd.sys [X]

C:\Program Files\SupraSavings

C:\Users\Public\dcmsvcsetup.exe

C:\Users\Public\invokesi.exe

Task: {0C55214F-57E3-4CEB-A94C-E5D9722B1F51} - System32\Tasks\4893 => Wscript.exe C:\Users\Bedroom\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {44E84810-2FF8-4FBE-A856-1F8B6C17C18E} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION

Task: {4EA8A768-2F01-464F-B819-B41377F1C480} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION

Task: {77097F92-4E4A-4462-9920-E8814692CA96} - \APSnotifierPP2 No Task File <==== ATTENTION

Task: {861ADA8C-0106-4DA4-B8B1-F6A9EB1B9459} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe <==== ATTENTION

Task: {C067AE0E-4C9B-4C04-8037-D0968C685CFD} - \APSnotifierPP3 No Task File <==== ATTENTION

Task: {D0775F22-7E55-472C-8190-9F0FC1635399} - \APSnotifierPP1 No Task File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:373E1720

AlternateDataStreams: C:\Users\Bedroom\Documents\id card 1.jpeg:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Bedroom\Documents\id card 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Users\Bedroom\Documents\id card 2.jpeg:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Bedroom\Documents\id card 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Users\Bedroom\Documents\id card.bmp:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Bedroom\Documents\id card.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

******************

 

Please Run TFC by OldTimer to clear temporary files:

 

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe

and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

**************************

 

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course how full your computer is.

 

 

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
****

Please post

Fixlog.txt

Eset log
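
For readers studying the fixlist in the post above, here is an added example (not part of the thread and not FRST's own code) that sorts its entries by persistence mechanism: autorun values whose target is missing, unsigned services, scheduled tasks that launch a script host or a browser, orphaned tasks, and alternate data streams. The regular expressions are assumptions inferred from the line shapes visible in that post, and the category names are made up for this sketch.

```python
import re

# Line shapes copied from the fixlist in the post above; an assumption about
# this log's layout, not an official FRST grammar.
GUID = r"\{[0-9A-Fa-f-]{36}\}"
TASK = re.compile(rf"^Task: {GUID} - (?P<name>.+?) => (?P<cmd>.+?)(?: <=+ ATTENTION)?$")
ORPHAN = re.compile(rf"^Task: {GUID} - (?P<name>\S+) No Task File")
RUN = re.compile(r"^HK\w+(?:-x32)?\\\.\.\.\\Run(?:once)?: \[(?P<name>[^\]]*)\] (?:=>|-) \[X\]", re.I)
UNSIGNED = re.compile(r"^[RS]\d (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\].*\[File not signed\]")
ADS = re.compile(r"^AlternateDataStreams: (?P<file>.+):(?P<stream>[^:\\]+)$")
EXE = re.compile(r"([^\\\s]+\.exe)", re.I)  # first executable name in a command line
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}

def triage(lines):
    """Return (category, detail) pairs for the entry types this sketch recognises."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := ORPHAN.match(line):  # registry entry left behind, task file gone
            findings.append(("orphaned-task", m["name"]))
        elif m := TASK.match(line):
            exe = (EXE.findall(m["cmd"]) or [""])[0].lower()
            if exe in SCRIPT_HOSTS:  # script run on a schedule; note where it lives
                where = "temp" if "\\temp\\" in m["cmd"].lower() else "other"
                findings.append((f"task-script-host-{where}", m["cmd"]))
            elif exe in BROWSERS:  # a task that only opens the browser
                findings.append(("task-opens-browser", m["cmd"]))
            else:
                findings.append(("task-program", m["cmd"]))
        elif m := RUN.match(line):  # [X] marks a target FRST could not find
            findings.append(("autorun-target-missing", m["name"] or "(unnamed)"))
        elif m := UNSIGNED.match(line):
            findings.append(("unsigned-service", m["path"]))
        elif m := ADS.match(line):
            findings.append(("alternate-data-stream", f'{m["file"]} :: {m["stream"]}'))
    return findings

SAMPLE = [  # lines copied verbatim from the fixlist in the post above
    r"HKLM-x32\...\Run: [fst_us_114] => [X]",
    r"R2 SupraSavingsService64; C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]",
    r"Task: {0C55214F-57E3-4CEB-A94C-E5D9722B1F51} - System32\Tasks\4893 => Wscript.exe C:\Users\Bedroom\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION",
    r"Task: {4EA8A768-2F01-464F-B819-B41377F1C480} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION",
    r"Task: {77097F92-4E4A-4462-9920-E8814692CA96} - \APSnotifierPP2 No Task File <==== ATTENTION",
    r"AlternateDataStreams: C:\ProgramData\Temp:373E1720",
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Lines the sketch does not recognise (for example the SearchScopes, BHO and Toolbar entries) are skipped rather than guessed at.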


Good deal.

I see you let it delete/quarantine what was found.

 

Make sure that the option Remove found threats is unticked

I ask people to do this in case of a false positive. However, yours went fine and I'm glad the popups have stopped.

 

Are there any other issues at the moment?

 

We need to remove the tools used plus quarantine folders. Then I'll post preventive tips.


 

Was wondering if I should keep the Malwarebyte, FIRST64, TFC, IExplore, or ADWcleaner?

MalwareBytes, yes. Before using the tool update it first.

 

FRST, no. This needs to be removed or future antivirus scans will find it and consider it malicious. Plus, anything held in the quarantine folder needs to go so that an accidental re-install of a malicious item can't happen.

 

TFC, yes. Most use it about once a month or so.

 

ADWcleaner, yes and no. The tool does not have an update button, so it would need to be downloaded and used when you want to, but after it scans you need to look at what it's finding and rule out any false positives before allowing it to clean and delete what was found.

 

***************

 

 

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked

    Also tick:

    • Create registry backup
    • Purge system restore
  • Click Run

 

 

Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

 

 

If Delfix has deleted a tool you wanted to keep, just download it again.

 

*********************************************

 

You're good to go, good job!

 

Please take the time to read over a few of my preventive tips.

 

Computer Security

http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Be prepared for CryptoLocker:

 

Cryptolocker Ransomware: What You Need To Know

 

CryptoLocker Ransomware Information Guide and FAQ

 

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, powerful new features have been added that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via Flash, Java, JavaScript, and many other entry points.

 

AdblockPlus

  • AdblockPlus, Surf the web without annoying ads!
  • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
  • Protects your online privacy
  • Two-click installation. It's free!
  • Click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

*********************************************

Please read the following safe computing articles.

 

Secure My Computer: A Layered Approach

 

 

Free Antivirus-AntiSpyware-Firewall Software

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

 

  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector, or you can use the following application for this purpose: PatchMyPC

 

 
