edsa Posted July 18, 2013 ID:704364
Addition.txt
edsa Posted July 18, 2013 Author ID:704366
I had already emailed CatByte that I am plagued by adware that appears most of the time when I click the link of a webpage. The internet also often slows or stops responding and I have to keep refreshing (F5). I am attaching the FRST and Addition texts that were created after use of the Farbar Recovery Scan Tool. An error message said: 'You aren't permitted to upload this kind of file'. This is the FRST.txt file. The other text file is OK. Addition.txt So what do I do please? Addition.txt
Staff CatByte Posted July 18, 2013 Staff ID:704394
Hello, could you please post the content of the FRST.txt? Thanks
edsa Posted July 18, 2013 Author ID:704402
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013 Ran by Eddie (administrator) on 15-07-2013 10:05:30 Running from C:\Users\Eddie\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe () C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe () C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (Mirics Semiconductor Ltd) C:\Windows\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe 
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (SourceTec Software Co., LTD) C:\Program Files (x86)\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (PC Drivers Headquarters) C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe (Microsoft Corporation.) 
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation) C:\Windows\System32\Magnify.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Farbar) C:\Users\Eddie\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-09-15] () HKLM\...\Run: [btbb_McciTrayApp] - "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2821808 2012-11-23] (Alcatel-Lucent) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [itype] - "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKCU\...\Run: [Web Video Downloader] - "C:\Program Files (x86)\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe" [5989752 2012-06-12] (SourceTec Software Co., LTD) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.) HKCU\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-09] (Google Inc.) 
HKCU\...\Run: [Driver Manager] - C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false [3969400 2013-07-13] (PC Drivers Headquarters) HKCU\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] () HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc) HKLM-x32\...\Run: [HP Remote Solution] - %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-25] (Hewlett-Packard) HKLM-x32\...\Run: [bATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-09] (Hewlett-Packard) HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-04] (Hewlett-Packard) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [TaskTray] - [x] HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-06-26] () HKLM-x32\...\Run: [brdefprn] - C:\Program Files (x86)\Brother\BRHL2035\Brdefprn.exe -d [45056 2009-07-08] () HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.) 
AppInit_DLLs: [0 ] () AppInit_DLLs-x32: c:\progra~3\browse~2\261339~1.144\{c16c1~1\browse~1.dll c:\progra~2\contin~1\sprote~1.dll [1050112 2013-01-24] () Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) Startup: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/news?ned=uk HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.a-searchpage.info/?pid=964&r=2013/06/07&hid=2948431811&lg=EN&cc=GB&unqvl=18 URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File URLSearchHook: (No Name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No File HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5548756052104342&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5548756052104342&q={searchTerms} SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Desktops HKLM-x32 SearchScopes: DefaultScope {FA13C156-AE0C-4973-B2C4-C31F5EFEAB4E} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5548756052104342&q={searchTerms} SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=964&r=2013/06/07&hid=2948431811&lg=EN&cc=GB&unqvl=18 SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=161100FF46595BDA&affID=122298&tt=250613_gr3&tsp=4925 SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
http://websearch.ask.com/redirect?client=ie&tb=STK&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=2DDB129A-779A-4866-9B3A-3DCC23BD3056&apn_sauid=CB2F2D22-9A0F-4140-9EB1-FD13558DCB64 SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={FD4A0962-2C12-43DD-93CE-91C6B366C47C}&mid=adc1cf4d6c3b4fbc946ee4f2e7d30bd8-5cb72af4629e2b10274d2705caff7ce47fa7daed&lang=en&ds=hk011&pr=sa&d=2012-07-12 21:05:30&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5548756052104342&q={searchTerms} SearchScopes: HKCU - {B5970CB1-CC0A-418B-8E45-86FCF3E6AB73} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=964&r=2013/06/07&hid=2948431811&lg=EN&cc=GB&unqvl=18 SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKCU - {EA8AC88B-32EF-4AE9-A9ED-935FBDFBBE22} URL = http://www.flickr.com/search/?q={searchTerms} SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = SearchScopes: HKCU - {FA13C156-AE0C-4973-B2C4-C31F5EFEAB4E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN40978677702659229&UM=2&SSPV=TB_C5 BHO: Windows Live ID 
Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) BHO-x32: Cool Smiley Bar for Facebook - {4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} - C:\Program Files (x86)\Cool Smiley Bar for Facebook\ScriptHost.dll (Plus Winks) BHO-x32: ccooNttinuetosave - {556DA3BF-D235-2B15-397C-698795A5F7BB} - C:\ProgramData\ccooNttinuetosave\51b222e5895d5.dll () BHO-x32: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.) BHO-x32: SearchNewTab - {857F05BB-8F97-4670-2644-77ECE2911D89} - C:\ProgramData\SearchNewTab\51b222fc0c41a.dll () BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO-x32: ccooNttinuetosave - {9956AF12-A4C0-5708-2D58-5400F4324DA0} - C:\ProgramData\ccooNttinuetosave\51b21e7d33323.dll () BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) BHO-x32: SoThink Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: ccooNttinuetosave - {EDB81517-14B1-09FF-3408-78FB4AAA338D} - C:\ProgramData\ccooNttinuetosave\51b223515ef87.dll () BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - SoThink Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) Toolbar: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.) 
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - No Name - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-03-16] (EasyBits Software Corp.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Chrome: ======= CHR Extension: (SearchNewTab) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\biogdpakigoblalpeidbcgdljeepjelf\1 CHR Extension: (YouTube) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1 CHR Extension: (Google Search) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1 CHR Extension: (Motive Extension) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0 CHR Extension: (ccooNttinuetosave) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcplhnlcpbbdcmcmeigceeimoadmolak\1 CHR Extension: (Sothink web video downloader chrome extension) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggpkaghlpmnpcmlcolhndoopcoipjeoe\1.0_0 CHR Extension: (SearchNewTab) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmhkndjhcaacmdgfbinnpnmdcbhilgb\1 CHR Extension: (ccooNttinuetosave) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajioafogdffknbipcdfdnlmdbcngmnk\1 CHR Extension: (ccooNttinuetosave) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmpoolimommkkjpelhohdhlclbcphap\1 CHR Extension: (Skype Click to Call) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0 CHR Extension: () - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog\1.0.0.3 CHR Extension: (AVG Secure Search) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0 CHR Extension: (Gmail) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services 
(Whitelisted) ================= R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] () S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) R2 hcwD3bda_dvbt; C:\Windows\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe [2641920 2010-07-15] (Mirics Semiconductor Ltd) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc) R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-26] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies) R3 hcwD3bda; C:\Windows\System32\DRIVERS\hcwD3bda64.sys [116352 2010-07-15] (Mirics) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-06-12] (Printing Communications Assoc., Inc. 
(PCAUSA)) S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) R3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-15 10:05 - 2013-07-15 10:05 - 00000000 ____D C:\FRST 2013-07-15 10:03 - 2013-07-15 10:04 - 01777839 _____ (Farbar) C:\Users\Eddie\Downloads\FRST64 (1).exe 2013-07-15 10:00 - 2013-07-15 10:02 - 01777839 _____ (Farbar) C:\Users\Eddie\Downloads\FRST64.exe 2013-07-15 09:52 - 2013-07-15 09:52 - 00000000 ____D C:\Users\Eddie\AppData\Local\{14D63556-E4B8-4D38-AFAA-5A31CC9212E6} 2013-07-15 09:50 - 2013-07-15 09:50 - 00000056 _____ C:\Windows\setupact.log 2013-07-15 09:50 - 2013-07-15 09:50 - 00000000 _____ C:\Windows\setuperr.log 2013-07-14 11:48 - 2013-07-14 11:48 - 00023775 _____ C:\Users\Eddie\Desktop\Jul13- Play piano today What keybd to buy.eml 2013-07-14 11:46 - 2013-07-14 11:46 - 00000000 ____D C:\Users\Eddie\AppData\Local\{A489745A-40A8-4A00-A64C-80AEEFF44CD3} 2013-07-13 16:38 - 2013-07-13 16:38 - 00000000 ____D C:\Users\Eddie\AppData\Local\{71CD9CC5-E12B-4ED9-AFC7-85AB0A9BA2F9} 2013-07-12 22:13 - 2013-07-12 22:14 - 00000000 ____D C:\Users\Eddie\AppData\Local\{8E9C702F-D023-483F-A5C3-AC55E37AE583} 2013-07-12 
10:13 - 2013-07-12 10:13 - 00000000 ____D C:\Users\Eddie\AppData\Local\{ABBEB59E-B704-4E16-95BA-C4352C270703} 2013-07-11 22:08 - 2013-07-11 22:08 - 00000000 ____D C:\Users\Eddie\AppData\Local\{0E8074E6-EA46-48A3-B3CD-4920F08EF03B} 2013-07-11 17:44 - 2013-06-18 19:22 - 00009264 _____ C:\Users\Eddie\Downloads\A story - and some advice for Blender users._._eml 2013-07-11 11:32 - 2013-07-11 11:32 - 00068965 _____ C:\Users\Eddie\Desktop\Xavier COMMON FALLACIES IN REASONING.eml 2013-07-11 10:28 - 2013-07-11 10:28 - 00090839 _____ C:\Users\Eddie\Desktop\Jul13- India's Parliament is awash with criminal MPs.eml 2013-07-11 10:07 - 2013-07-11 10:07 - 00000000 ____D C:\Users\Eddie\AppData\Local\{233D227A-388A-4220-A969-ED4527CEFDA1} 2013-07-10 22:31 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 22:31 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-10 22:31 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 22:31 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 22:31 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-10 22:31 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 22:31 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 22:31 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 22:31 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 22:31 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 22:31 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 22:31 - 2013-06-12 00:42 - 00061440 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 22:31 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 22:31 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 22:31 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 22:31 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 22:31 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 22:31 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 22:31 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-10 22:31 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 22:31 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-10 22:31 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 22:31 - 2013-06-12 00:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 22:31 - 2013-06-12 00:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 22:31 - 2013-06-12 00:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 22:31 - 2013-06-12 00:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 22:31 - 2013-06-12 00:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 22:31 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 22:31 - 2013-06-11 23:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-10 22:31 - 2013-06-07 04:22 - 02706432 _____ (Microsoft Corporation) 
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-09 12:24
==================== End Of Log ============================
edsa Posted July 18, 2013 Author ID:704407
Hi Catbyte, I am trying to attach the text file again.
Eddie
FRST.txt
Staff CatByte Posted July 18, 2013 Staff ID:704413
Hello Eddie,
Please do the following:
From the log it shows you have FRST running from your downloads folder: "Running from C:\Users\Eddie\Downloads", so the fixlist.txt must also be saved to the downloads folder for the fix to work:
Download the attached fixlist.txt file and save it to the downloads folder.
FixList.txt
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
NEXT
Refer to the ComboFix User's Guide.
Download ComboFix from the following location: Link
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here.
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
edsa Posted July 18, 2013 Author ID:704517
I ran the FRST64 application and then pressed the FIX button. A text file was produced, as you said. I am attaching this to this reply.
I have not used the COMBOFIX yet. You asked me to delete my anti-virus [Microsoft Security Essentials] and antispyware - this is Malwarebytes. So do I disable Malwarebytes too? I'll await your reply before proceeding to COMBOFIX.
Fixlog.txt
Staff CatByte Posted July 18, 2013 Staff ID:704563
Hello,
The antivirus doesn't need to be deleted, just disable while ComboFix runs.
To disable MSE - open up the user interface > go to settings > realtime protection > uncheck the "turn on real time protection (recommended)" box.
For Malwarebytes > right click the icon in the system tray and click exit.
Now you should be good to run ComboFix.
regards
~CB
edsa Posted July 19, 2013 Author ID:704878
Dear Catbyte,
Good news! My malware (adware) was removed by the use of the FRST scan followed by FIX. I had sent you the text file FIXlog.txt. You can see from it that the values in the registry keys HKLM, HKCU were deleted successfully or restored, whereas keys of type HKCR were not found. Certain sub-directories were also moved.
Whatever the operations mean, the adware has disappeared and with it the irritating reminders to upgrade Flash Player etc, shrinking of a downloaded webpage to a tiny size at the top left corner of the Desktop, constant slow or zero Internet response. In short, I seem to be back to normal - what a relief!
So there was no need for the more invasive ComboFix.
Thanks a lot and warm regards
Eddie
Staff CatByte Posted July 19, 2013 ID:704891

Hello Eddie,

If you could please run the following scans, just to make sure there are no leftovers:

- Please download Junkware Removal Tool to your desktop.
- Shut down your antivirus to avoid any conflicts.
- Right-mouse click JRT.exe and select Run as administrator
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message

NEXT

- Download AdwCleaner from here and save it to your desktop.
- Run AdwCleaner and select Delete
- Once done it will ask to reboot, allow the reboot
- On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

- Please open your MalwareBytes AntiMalware Program
- Click the Update Tab and search for updates
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected. <-- very important
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

- Go here to run an online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activeX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- When the scan completes, press the LIST OF THREATS FOUND button
- Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
- Include the contents of this report in your next reply.
- Press the BACK button.
- Press Finish
Root Admin AdvancedSetup Posted July 19, 2013 ID:704969

This is the wrong forum to do malware detection and removal. I will move it to the correct forum.
edsa Posted July 22, 2013 Author ID:705840

Your suggestions were detailed - I got to hear of new anti-malware tools. I proceeded as you said:

1. I downloaded JRT.exe and ran it as administrator. The resulting log is attached.
2. I downloaded Adwcleaner and ran it. I did see the log and unfortunately couldn't save it. Lost it? But I do know the last line said: Registry is clean.
3. I did a quick scan with MBAM. There were no infections, so no 'show results' slot. The logs are attached.
4. I next ran ESET. This is an elaborate tool and took 2 hours 22 min to scan through. It found 23 infections (mostly adware). The log ESETSCAN.txt is attached.

I await your judgement. The exercise was a complete education in malware removal.

Eddie

JRT.txt
mbam-log-2013-07-22 (10-06-50).txt
protection-log-2013-07-22.txt
ESETSCAN.txt
Staff CatByte Posted July 22, 2013 ID:705860

Hello Eddie,

Some of the detections are in quarantine already (which will be removed when we do the housekeeping to clean up the tools). The other detections are installer files that are bundled with adware (the type that will sneak an unwanted nuisance toolbar onto the system while installing the other program):

C:\Program Files (x86)\Cool Smiley Bar for Facebook\BackgroundHostPS.dll
C:\Users\Eddie\Blender\- BLENDER STUFF (32-bit)\- TEXTURES (selected)\CrazyBump 1.2 x86.exe
C:\Users\Eddie\Desktop\WInZip Utilities\WinZipRegistryOptimizer.exe
C:\Users\Eddie\Downloads\CodecPerformerSetup.exe
C:\Users\Eddie\Downloads\CrazyBump 1.2 x86.exe
C:\Users\Eddie\Downloads\flvplayer (1).zip
C:\Users\Eddie\Downloads\flvplayer.zip
C:\Users\Eddie\Downloads\FreeMp3WmaConverterSetup-r100-w (1).exe
C:\Users\Eddie\Downloads\FreeMp3WmaConverterSetup-r100-w (2).exe
C:\Users\Eddie\Downloads\FreeMp3WmaConverterSetup-r100-w (3).exe
C:\Users\Eddie\Downloads\FreeMp3WmaConverterSetup-r100-w.exe
C:\Users\Eddie\Downloads\Setup (1).exe
C:\Users\Eddie\Downloads\winzip155.exe
C:\Users\Eddie\Downloads\winzip160.exe

So if you don't need those installer files any more > navigate to your downloads folder > right click and delete those files.

The rest of the logs look fine (JRT removed a lot of garbage). The adwCleaner log will be at the root of your C:\ drive, but I don't need to see it.

If there are no outstanding issues then we can clean up the tools:

You can delete the FRST Folder and JRT logs and programs from your desktop.

NEXT

- Double click on adwcleaner.exe to run the tool.
- Click on Uninstall.
- Confirm with yes.

If there are any logs/tools remaining on your desktop > right click and delete them.
NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates available installed on your computer.

Make Internet Explorer more secure

- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Download TFC to your desktop

- Close any open windows.
- Double click the TFC icon to run the program
- TFC will close all open programs itself in order to run,
- Click the Start button to begin the process.
- Allow TFC to run uninterrupted.
- The program should not take long to finish its job
- Once it's finished it should automatically reboot your machine,
- if it doesn't, manually reboot to ensure a complete clean

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

- Green to go
- Yellow for caution
- Red to stop

WOT has an addon available for both Firefox and IE

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

- PC Safety and Security--What Do I Need?.
- Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested. Please respond one last time so we can consider the thread resolved and close it, thank-you.
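Added example (not part of the thread or of any tool mentioned in it): a read-only PowerShell check of the Internet zone ActiveX settings described in the "Make Internet Explorer more secure" steps above. The function name is hypothetical; the registry path and the URL action IDs 1001, 1004 and 1201 are the standard Internet Explorer zone values, and the script assumes the per-user key is the one in effect.

```powershell
# Added example: read-only audit of the Internet zone (zone 3) ActiveX settings
# for the current user. URL action IDs: 1001 = download signed ActiveX controls,
# 1004 = download unsigned ActiveX controls, 1201 = initialize and script ActiveX
# controls not marked as safe. Values: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Labels  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Acceptable values per action: the setting named in the post, plus anything
# stricter (Disable is stricter than Prompt).
$Checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Ok = @(1, 3) },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Ok = @(1, 3) },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Ok = @(3) }
)

# Hypothetical helper name; returns one result object per checked action.
function Test-InternetZoneActiveX {
    param([string]$Path = $ZoneKey)

    if (-not (Test-Path -Path $Path)) {
        throw "Zone key not found: $Path"
    }
    $props = Get-ItemProperty -Path $Path

    foreach ($check in $Checks) {
        $raw = $props.($check.Id)          # $null when the value is absent
        if ($null -eq $raw) {
            $setting = 'Not set'
            $pass    = $false              # cannot confirm the setting
        } else {
            $value   = [int]$raw
            $setting = if ($Labels.ContainsKey($value)) { $Labels[$value] } else { "Unknown ($value)" }
            $pass    = $check.Ok -contains $value
        }
        New-Object PSObject -Property @{
            Id      = $check.Id
            Action  = $check.Name
            Setting = $setting
            Pass    = $pass
        } | Select-Object Id, Action, Setting, Pass
    }
}

# Settings enforced by Group Policy live under the Policies hive and take
# precedence over this per-user key; this check reads only the per-user values.
Test-InternetZoneActiveX | Format-Table -AutoSize
```

A row with Pass = False means the value is either more permissive than the post's setting or missing from the per-user key.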
edsa Posted July 22, 2013 Author ID:706011

Thanks a million, Catbyte. You have been so patient and generous with your advice. I have carried out most of your instructions above.

1. Deleted the files you had listed - I don't need the installers etc.
2. I reset the Internet zone as suggested by you. In particular, I set the "unsigned ActiveX controls" to PROMPT (though Disable was recommended)
3. Downloaded TFC and ran it. It removed 341 MB of Temp Internet files. (I do use the CC Cleaner regularly - that too removes these temp files.)
4. Downloaded WOT, ran it and enabled it. Good to be reassured by the colour icon at the top of the page.
5. I will make it a point to carry out your other suggestions - password change, password keeper, backup, MS updates (which I receive regularly) and read the articles you recommend.

----------------------------------------------

A couple of questions:

a. How does one arrive at a particular point in the Malware Forum? I notice you pointed me to http://forums.malwarebytes.org/index.php?showtopic=129664#entry704891
Where are these topic and entry numbers to be found?

b. If I have similar malware problems in future, can I proceed to use those tools in succession? Should one start with FRST? I didn't use COMBOFIX this time - it's a scary tool and in any case one is advised not to use it or FRST without the go ahead from an expert like you. But are JRT, AdwCleaner, and ESET safe to use casually? [I suspect ESET is allowed free just once?]

--------------------------------------------

It's been a grand experience working with a wizard like you in malware removal. I never even suspected there were so many tools available and am much wiser now. I am most grateful to you for your clear instructions and generous advice.
Staff CatByte Posted July 22, 2013 ID:706014

> I notice you pointed me to http://forums.malwarebytes.org/index.php?showtopic=129664#entry704891
> Where are these topic and entry numbers to be found?

Up in the top right corner you will see a number sign and number, that is the post link > right click it "copy link location" > then paste it into your reply.

> b. If I have similar malware problems in future, can I proceed to use those tools in succession?
> Should one start with FRST? I didn't use COMBOFIX this time - it's a scary tool and in any case one is advised not to use it or FRST without the go ahead from an expert like you.
> But are JRT, AdwCleaner, and ESET safe to use casually? [I suspect ESET is allowed free just once?]

ESET can be run any number of times. I don't advise using FRST as it has to be analyzed and a customized script given, nor do I recommend using any of the specialized malware removal tools without the assistance of a helper. Tools are generally used for specific infections as they are designed to do different things, so it depends on what is infecting your machine, plus the tools are updated so frequently that they quickly become out of date. Of course, MBAM can be used as often as you like.

If you ever find yourself infected again, it's best to start a new topic here in our malware removal forum as we have many fine helpers who volunteer their time to help out and they are all properly trained, or you can reach me at the helpdesk.

It has been a pleasure working with you
Root Admin AdvancedSetup Posted July 27, 2013 ID:707646

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!