Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware - SavingsBullFilter - cannot be removed [Solved]

Started by mrnoonan , Feb 24 2014 01:10 PM

  • This topic is locked This topic is locked

#16
mrnoonan
Posted 10 March 2014 - 03:56 PM

mrnoonan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
MBAM and then Hijack This

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Barbara :: BARBARA-PC [administrator]

3/10/2014 2:41:50 PM
mbam-log-2014-03-10 (14-41-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223911
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:51:22 PM, on 3/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Barbara\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Users\Barbara\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49189;https=127.0.0.1:49189
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH33L111T905XP:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - Startup: Download App.lnk = Barbara\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe
O4 - Startup: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk = ?
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9529 bytes
  • 0

Advertisements

#17
gringo_pr
Posted 10 March 2014 - 05:26 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
      O4 - Startup: Download App.lnk = Barbara\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe
      O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0

#18
mrnoonan
Posted 11 March 2014 - 12:01 AM

mrnoonan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I removed all the startup suggestions.

Nothing found on Eset scan.
  • 0

#19
gringo_pr
Posted 11 March 2014 - 06:48 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello mrnoonan

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image



:Remove the rest of our tools:

Please download DelFix and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click DelFix.exe.
  • select all options avalible
  • Click the Run button.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so



:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:


It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

As Java seems to get exploited on a daily basis I advise to disable java in your web browsers - How to disable java in your web browsers - Disable Java



The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
  • 0

#20
mrnoonan
Posted 11 March 2014 - 12:53 PM

mrnoonan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Gringo,

I haven't done the cleanup yet. Just noted that the SavingBillFilter entry is still in Control Panel/Programs and Features list.

I'm concerned that if I try to uninstall it, that it will reinstall itself. However, I could not find it in a Registry search as I had done before. I also tried a search for DateModified 2/15/2014. didn't see much there but a lot of files related to Skype.

This program, SavingsBullFilter, was part of a Skype download from one of those sites that claim to host an application install file other than the actual file's site (e.g., Skype.com location in this case). These sites, as you know, also load a bunch of crapware to get the ad revenue.

What to you recommend I try to do to remove SavingsBullFilter from Programs and Features?

Thnaks, Mike Noonan
  • 0

#21
gringo_pr
Posted 11 March 2014 - 02:07 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

use revo and uninstall it


gringo
  • 0

#22
mrnoonan
Posted 12 March 2014 - 02:22 PM

mrnoonan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Gringo,

I tried Revo but no joy. The SavingsBullFilter program name does not show this the Revo listbut it is there in Programs and Features.

I used CCleaner Tools to uninstall - when it can't do it, CC gives you a choice to simply remove the entry. However, in this case CC went through the uninstall process and removed it from the Tools programs list. But I went back to Program and Features cPanel and there it was. Hmmm.

The SavingsBullFilter website looks legit but following the uninstall link at their bottom of the page reported that it appears to be not installed. I've sent a query through their Contact link.

Anyway I've cleaned up all Geek programs and rebooted. I'll take another run at this if mischief appears.

Thank you very much for your help, time and patience. I love this site.

regards, Mke
  • 0

#23
gringo_pr
Posted 13 March 2014 - 07:20 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Mike

I have an idea that might work - I will need the addition.txt file to be selected

Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Gringo
  • 0

#24
mrnoonan
Posted 13 March 2014 - 12:42 PM

mrnoonan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Thanks for taking extra measure. I appreciate it.

Something may have fubared here but this is a second try. I inserted the frst.txt file and when I attached to other the screen jumped somewhere; but don't know it was sent. I went back and the insert wasn't there some here we go again.

FRST.txt here
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Barbara (administrator) on BARBARA-PC on 13-03-2014 11:29:14
Running from C:\Users\Barbara\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normala

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3589208130-2361277435-439100910-1000\...\Run: [HP Photosmart 6520 series (NET)] - C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49189;https=127.0.0.1:49189
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {821CED5F-C3A0-4CF2-93E0-EF518ECBEE8F} URL =
SearchScopes: HKCU - {F3C38066-176D-4F1E-8E55-0F28F37F3F50} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: https://www.google.com/
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask
CHR DefaultSearchURL: http://websearch.ask...q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-10-18] (Seagate Technology LLC)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-13 11:29 - 2014-03-13 11:29 - 00008843 _____ () C:\Users\Barbara\Desktop\FRST.txt
2014-03-13 11:29 - 2014-03-13 11:29 - 00000000 ____D () C:\FRST
2014-03-13 11:28 - 2014-03-13 11:28 - 02157056 _____ (Farbar) C:\Users\Barbara\Desktop\FRST64.exe
2014-03-12 13:05 - 2014-03-12 13:05 - 00001228 _____ () C:\DelFix.txt
2014-03-12 12:38 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 12:38 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 12:38 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 12:38 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 12:38 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 12:38 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 12:38 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 12:38 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 12:38 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 12:38 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 12:38 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 12:38 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 12:38 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 12:38 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 12:38 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 12:38 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 12:38 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 12:38 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 12:38 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 12:38 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 12:38 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 12:38 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 12:38 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 12:38 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 12:38 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 12:38 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 12:38 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 12:38 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 12:38 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 12:38 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 12:38 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 12:38 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 12:38 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 12:38 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 12:38 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 12:38 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 12:38 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 12:38 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 12:38 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 12:38 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 12:38 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 12:38 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 12:38 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 12:38 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 12:37 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 12:37 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 12:37 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 12:37 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 10:01 - 2014-03-13 11:15 - 00000224 _____ () C:\Windows\setupact.log
2014-03-11 10:01 - 2014-03-11 10:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-10 20:49 - 2014-03-10 20:49 - 00000000 ____D () C:\Users\Barbara\Downloads\backups
2014-03-10 14:26 - 2014-03-10 14:26 - 00000000 ____D () C:\Windows\Sun
2014-03-10 14:26 - 2014-03-10 14:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-10 14:25 - 2014-03-10 14:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-10 14:25 - 2014-03-10 14:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-10 14:25 - 2014-03-10 14:25 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-10 14:25 - 2014-03-10 14:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-10 14:15 - 2014-03-10 14:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-06 10:59 - 2014-03-06 10:59 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-06 10:59 - 2014-03-06 10:59 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-03-06 10:57 - 2014-03-06 10:58 - 05330264 _____ (Apple Inc.) C:\Users\Barbara\Downloads\WindowsMigrationAssistantSetup.exe
2014-02-25 04:03 - 2014-02-27 04:01 - 00781318 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-24 21:19 - 2014-02-24 21:19 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Systweak
2014-02-24 18:45 - 2014-03-12 12:59 - 00000000 ____D () C:\Windows\erdnt
2014-02-24 15:10 - 2014-03-12 13:05 - 00000000 ____D () C:\Windows\ERUNT
2014-02-24 13:17 - 2014-02-24 13:17 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-02-22 11:33 - 2014-02-22 11:37 - 00019456 ___SH () C:\Users\Barbara\Thumbs.db
2014-02-19 00:54 - 2014-02-20 12:50 - 00003916 _____ () C:\Windows\System32\Tasks\Barbara1
2014-02-19 00:54 - 2014-02-19 00:54 - 00003746 _____ () C:\Windows\System32\Tasks\Barbara1 Merge
2014-02-18 22:33 - 2013-08-27 21:48 - 00712264 _____ (MindSpark) C:\Program Files (x86)\53Uninstall Daily Fitness Center.dll
2014-02-18 22:33 - 2013-08-27 21:48 - 00194960 _____ () C:\Program Files (x86)\53res.dll
2014-02-18 15:44 - 2014-02-18 15:44 - 00894148 _____ () C:\Users\Barbara\Desktop\Intake-Detailed Assessment Summary Report.mht
2014-02-18 15:38 - 2014-02-18 15:38 - 00645774 _____ () C:\Users\Barbara\Desktop\Intake Assessment Summary Report.mht
2014-02-18 15:35 - 2014-02-18 15:35 - 00517168 _____ () C:\Users\Barbara\Desktop\EasyTech Intake Report.mht
2014-02-18 15:32 - 2014-02-18 15:32 - 00000406 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2014-02-18 15:31 - 2014-02-18 15:31 - 00000000 ____D () C:\ProgramData\iolo
2014-02-18 15:30 - 2014-02-18 15:30 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-02-18 15:30 - 2014-02-18 15:30 - 00000000 ____D () C:\Program Files (x86)\iolo
2014-02-18 15:17 - 2014-02-18 15:17 - 00000000 ____D () C:\ProgramData\ETTB
2014-02-15 21:28 - 2014-02-15 21:28 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Skype
2014-02-15 15:40 - 2014-02-18 22:18 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Skype
2014-02-15 15:38 - 2014-02-18 22:46 - 00000000 ____D () C:\ProgramData\Skype
2014-02-15 15:36 - 2012-07-25 13:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-02-15 15:35 - 2014-02-15 15:35 - 00003866 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-02-15 15:35 - 2014-02-15 15:35 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-02-14 04:01 - 2013-12-21 02:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 04:01 - 2013-12-21 01:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 13:45 - 2013-12-31 16:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 13:45 - 2013-12-31 16:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 13:44 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 13:44 - 2013-12-24 15:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 13:44 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 13:44 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 13:44 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 13:44 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 13:44 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 13:44 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 13:44 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 13:44 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 13:44 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 13:44 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 13:44 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 13:44 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 13:44 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 13:44 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 13:44 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 13:44 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 13:44 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 13:44 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 13:44 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 13:44 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 13:44 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 13:44 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 13:44 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 13:44 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-13 11:29 - 2014-03-13 11:29 - 00008843 _____ () C:\Users\Barbara\Desktop\FRST.txt
2014-03-13 11:29 - 2014-03-13 11:29 - 00000000 ____D () C:\FRST
2014-03-13 11:28 - 2014-03-13 11:28 - 02157056 _____ (Farbar) C:\Users\Barbara\Desktop\FRST64.exe
2014-03-13 11:23 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 11:23 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 11:20 - 2009-07-13 22:13 - 00788704 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-13 11:20 - 2009-07-13 22:10 - 01492751 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 11:16 - 2011-08-15 20:09 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-13 11:15 - 2014-03-11 10:01 - 00000224 _____ () C:\Windows\setupact.log
2014-03-13 11:15 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 11:12 - 2009-07-13 21:45 - 00385344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 11:10 - 2013-03-13 14:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 11:09 - 2013-03-13 14:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:00 - 2012-10-30 21:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 03:00 - 2011-08-15 20:09 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 13:25 - 2009-07-13 22:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 13:05 - 2014-03-12 13:05 - 00001228 _____ () C:\DelFix.txt
2014-03-12 13:05 - 2014-02-24 15:10 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 12:59 - 2014-02-24 18:45 - 00000000 ____D () C:\Windows\erdnt
2014-03-11 11:17 - 2010-02-26 19:32 - 00000000 ____D () C:\Palm
2014-03-11 10:45 - 2012-10-30 21:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 10:45 - 2012-10-30 21:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 10:45 - 2012-10-30 21:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 10:01 - 2014-03-11 10:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-10 20:49 - 2014-03-10 20:49 - 00000000 ____D () C:\Users\Barbara\Downloads\backups
2014-03-10 20:49 - 2010-01-22 19:13 - 00000000 ___RD () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-10 14:39 - 2011-11-16 23:47 - 00000000 ____D () C:\Users\Barbara\AppData\Local\CrashDumps
2014-03-10 14:39 - 2011-01-17 19:15 - 00000000 ____D () C:\Users\Barbara\Documents\CCleaner Backups
2014-03-10 14:38 - 2013-03-04 14:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-10 14:26 - 2014-03-10 14:26 - 00000000 ____D () C:\Windows\Sun
2014-03-10 14:26 - 2014-03-10 14:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-10 14:25 - 2014-03-10 14:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-10 14:25 - 2014-03-10 14:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-10 14:25 - 2014-03-10 14:25 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-10 14:25 - 2014-03-10 14:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-10 14:25 - 2010-01-05 18:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-10 14:15 - 2014-03-10 14:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-06 10:59 - 2014-03-06 10:59 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-06 10:59 - 2014-03-06 10:59 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-03-06 10:58 - 2014-03-06 10:57 - 05330264 _____ (Apple Inc.) C:\Users\Barbara\Downloads\WindowsMigrationAssistantSetup.exe
2014-03-05 15:55 - 2010-05-10 15:07 - 00000000 ____D () C:\Users\Barbara\Documents\Rebecca
2014-03-01 15:32 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-28 23:05 - 2014-03-12 12:38 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 22:17 - 2014-03-12 12:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 22:16 - 2014-03-12 12:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 21:58 - 2014-03-12 12:38 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 21:52 - 2014-03-12 12:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 21:51 - 2014-03-12 12:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 21:42 - 2014-03-12 12:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 21:40 - 2014-03-12 12:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 21:37 - 2014-03-12 12:38 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 21:33 - 2014-03-12 12:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 21:33 - 2014-03-12 12:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 21:32 - 2014-03-12 12:38 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 21:30 - 2014-03-12 12:38 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 21:23 - 2014-03-12 12:38 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 21:17 - 2014-03-12 12:38 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 21:11 - 2014-03-12 12:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 21:02 - 2014-03-12 12:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 20:54 - 2014-03-12 12:38 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 20:52 - 2014-03-12 12:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 20:51 - 2014-03-12 12:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 20:47 - 2014-03-12 12:38 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 20:43 - 2014-03-12 12:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 20:43 - 2014-03-12 12:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 20:42 - 2014-03-12 12:38 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 20:40 - 2014-03-12 12:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 20:38 - 2014-03-12 12:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 20:37 - 2014-03-12 12:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 20:35 - 2014-03-12 12:38 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 20:18 - 2014-03-12 12:38 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 20:16 - 2014-03-12 12:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 20:14 - 2014-03-12 12:38 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 20:10 - 2014-03-12 12:38 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 20:03 - 2014-03-12 12:38 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 20:00 - 2014-03-12 12:38 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 19:57 - 2014-03-12 12:38 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 19:38 - 2014-03-12 12:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 19:32 - 2014-03-12 12:38 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 19:27 - 2014-03-12 12:38 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 19:25 - 2014-03-12 12:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 19:25 - 2014-03-12 12:38 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 04:01 - 2014-02-25 04:03 - 00781318 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-24 21:19 - 2014-02-24 21:19 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Systweak
2014-02-24 21:18 - 2010-01-22 19:13 - 00000000 ____D () C:\Users\Barbara
2014-02-24 19:08 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-02-24 15:03 - 2010-01-22 19:13 - 00082408 _____ () C:\Users\Barbara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-24 14:38 - 2010-01-29 17:05 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Adobe
2014-02-24 13:19 - 2012-12-01 21:39 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-02-24 13:17 - 2014-02-24 13:17 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-02-24 13:16 - 2013-04-08 13:07 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Foxit Software
2014-02-22 11:37 - 2014-02-22 11:33 - 00019456 ___SH () C:\Users\Barbara\Thumbs.db
2014-02-20 12:50 - 2014-02-19 00:54 - 00003916 _____ () C:\Windows\System32\Tasks\Barbara1
2014-02-19 00:54 - 2014-02-19 00:54 - 00003746 _____ () C:\Windows\System32\Tasks\Barbara1 Merge
2014-02-18 23:05 - 2011-08-15 20:09 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Google
2014-02-18 23:02 - 2010-01-05 18:03 - 00000000 ____D () C:\Program Files\Dell
2014-02-18 22:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-18 22:46 - 2014-02-15 15:38 - 00000000 ____D () C:\ProgramData\Skype
2014-02-18 22:46 - 2013-03-04 16:36 - 00000000 ____D () C:\Program Files (x86)\Nitro PDF
2014-02-18 22:18 - 2014-02-15 15:40 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Skype
2014-02-18 21:59 - 2013-06-15 12:28 - 00000000 ____D () C:\Windows\Minidump
2014-02-18 21:59 - 2010-01-05 19:34 - 00000000 ____D () C:\Windows\Panther
2014-02-18 16:51 - 2013-08-07 10:53 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-02-18 16:40 - 2010-11-07 17:27 - 00082408 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 16:40 - 2010-11-07 17:27 - 00082408 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 15:44 - 2014-02-18 15:44 - 00894148 _____ () C:\Users\Barbara\Desktop\Intake-Detailed Assessment Summary Report.mht
2014-02-18 15:38 - 2014-02-18 15:38 - 00645774 _____ () C:\Users\Barbara\Desktop\Intake Assessment Summary Report.mht
2014-02-18 15:35 - 2014-02-18 15:35 - 00517168 _____ () C:\Users\Barbara\Desktop\EasyTech Intake Report.mht
2014-02-18 15:32 - 2014-02-18 15:32 - 00000406 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2014-02-18 15:31 - 2014-02-18 15:31 - 00000000 ____D () C:\ProgramData\iolo
2014-02-18 15:30 - 2014-02-18 15:30 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-02-18 15:30 - 2014-02-18 15:30 - 00000000 ____D () C:\Program Files (x86)\iolo
2014-02-18 15:17 - 2014-02-18 15:17 - 00000000 ____D () C:\ProgramData\ETTB
2014-02-16 04:04 - 2013-08-14 10:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 04:01 - 2010-01-30 15:14 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 21:28 - 2014-02-15 21:28 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Skype
2014-02-15 15:35 - 2014-02-15 15:35 - 00003866 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-02-15 15:35 - 2014-02-15 15:35 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-02-14 05:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 15:27

==================== End Of Log ============================

Attached Files


  • 0

#25
gringo_pr
Posted 13 March 2014 - 07:40 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello



I need you to download this script I have made for you --> Attached File  fixlist.txt   125bytes   122 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
  • 0

Advertisements

#26
mrnoonan
Posted 14 March 2014 - 01:43 PM

mrnoonan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here's the fixlog.tst file (FYI I looked at Programs and Features and SBF still there but maybe premature at this time.) thx Mike

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Barbara at 2014-03-14 12:39:51 Run:1
Running from C:\Users\Barbara\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SavingsbullFilter (HKLM\...\{813BA625-B0FA-48D8-9B75-59759C88C219}) (Version: 1.0.0.0 - SavingsBull Filter) <==== ATTENTION

*****************


==== End of Fixlog ====
  • 0

#27
gringo_pr
Posted 16 March 2014 - 08:00 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


I do not know any other safe way to remove it from there - it is only a listing in the registry and I believe it would be safer just to leave alone at this point.

Gringo
  • 0

#28
mrnoonan
Posted 16 March 2014 - 08:10 PM

mrnoonan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
well, you get extra points for trying again.

Thanks for your time and effort.

We appreciate it. Mike Noonan
  • 0

#29
gringo_pr
Posted 17 March 2014 - 07:17 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
you are more than welcome


gringo
  • 0

#30
gringo_pr
Posted 24 March 2014 - 09:39 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP