Holy Smokes! We got a bad one! Computer freezing, pop ups like

Freezing, Farbar won't download, pop ups, memory usage thru the roof, hard to use.

  • This topic is locked

#1
uFinditEazy!

  • Member
  • 82 posts

Hello, my son's computer caught something crazy. It's almost impossible to use. So bad I am using my computer to post this. I was trying to download farbar 64 but it won't download with this reason given: "Blocked by your security zone policy". I am lost on where to start. Please help! Thank you. Robert




#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


If you have a USB stick, we can make use of that. What we'll do is use your machine to download some tools to the USB, transfer them to the sick computer, and then we can get some logs. :thumbsup:

First, let's get some protection in place for your machine to make sure it doesn't get infected transferring files back and forth with the USB.


Step 1: Download and Install MCShield


Download MCShield to your desktop and install
  • It will initially run a scan and show the result as a toaster by the system clock.
  • Then in the control center select Scanner and tick unhide items on flash drives.
  • Plug in the drive and MCShield will start a scan.
  • Then get the log which will be here :
  • Start > all programs > MCShield > logs > all scans
And post that in your next reply.

Once the USB has been verified as clean, please proceed to step 2.


Step 2: Scan with Farbar Recovery Scan Tool


Please download Farbar Recovery Scan Tool and save it to the USB.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the USB into the sick computer, and transfer FRST64.exe to the Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce two logs: FRST.txt and Addition.txt in the same location the tool is run from.
  • Please copy both logs to the USB and then plug it into your machine. MCShield will scan the USB to make sure it is clean.
  • Please post both logs.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

MCShield Log

FRST Log

Addition.txt Log


#3
uFinditEazy!

  • Topic Starter
  • Member
  • 82 posts

Thank you for the quick response. I don't have a flash drive but can pick one up tomorrow from the store. I'll be back on tomorrow unless you have another way for me to start. Thank you. Robert



#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Thank you for the quick response. I don't have a flash drive but can pick one up tomorrow from the store. I'll be back on tomorrow unless you have another way for me to start. Thank you. Robert


You're quite welcome, and that will be fine. :-)

#5
uFinditEazy!

  • Topic Starter
  • Member
  • 82 posts
>>> MCShield AllScans.txt <<<
 
-----------------------------
 
 
 
 
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
 
>>> v 3.0.5.28 / DB: 2015.5.12.1 / Windows 7 <<<
 
 
5/12/2015 12:32:08 PM > Drive C: - scan started (no label ~238 GB, NTFS HDD )...
 
 
 
=> The drive is clean.


#6
uFinditEazy!

  • Topic Starter
  • Member
  • 82 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Owner (administrator) on OWNER-PC on 12-05-2015 13:06:41
Running from E:\
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Yontoo LLC) C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-17] (Google Inc.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-01] (Google Inc.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Yontoo Desktop] => C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-04-30] (Yontoo LLC)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-02-20] (OpenDownloadManager.com)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe [846288 2013-07-12] (Google Inc.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll => c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll [2523136 2013-07-08] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-se...A88C417FE843CAE
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-se...A88C417FE843CAE
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fanta...q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fanta...q={searchTerms}
SearchScopes: HKLM-x32 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-se...A88C417FE843CAE
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-se...A88C417FE843CAE
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> {8B9AB051-A6E4-49D5-BBD0-761DFEB2C033} URL = http://mp3tubetoolba...s={searchTerms}
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/...eferrer:source}
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fanta...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> {D2D72ABF-DFC7-456C-86D8-69B639002ADB} URL = http://websearch.ask...apn_dtid=OSJ000
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-25] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO-x32: GetSavin 5.0 -> {5BB972CB-156D-4811-9D36-9570AF1E2BB7} -> C:\Users\Owner\AppData\Local\getsavin\ie\getsavin_1362754201.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-30] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-08] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-10] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-25] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll [2013-03-13] (Delta-search.com)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-10] (Oracle Corporation)
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO-x32: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo\YontooIEClient.dll [2013-04-30] (Yontoo LLC)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-25] (Google Inc.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll [2013-03-13] (Delta-search.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-25] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-30] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-25] (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default
FF NewTab: hxxp://www2.delta-search.com/?affID=119842&tt=gc_&babsrc=NT_ss&mntrId=CA88C417FE843CAE
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Delta Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www2.delta-search.com/?affID=119842&tt=gc_&babsrc=HP_ss&mntrId=CA88C417FE843CAE
FF Keyword.URL: 
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll [2013-06-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\FantastiGames\npExentCtl.dll [2009-12-27] (Exent Technologies Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @TelevisionFanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FantastiGames\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-3306144526-1543565107-3197362354-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-3306144526-1543565107-3197362354-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-3306144526-1543565107-3197362354-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-12-07] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\user.js [2013-05-06]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-01-16] (Apple Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\babylon.xml [2013-05-06]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\bing-zugo.xml [2011-08-25]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\BrowserProtect.xml [2013-02-15]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\delta.xml [2013-05-06]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\flv-runner-b-customized-web-search.xml [2013-03-08]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\icqplugin-4.xml [2015-05-11]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\icqplugin-5.xml [2011-10-17]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\icqplugin-6.xml [2012-04-03]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\Mp3Tube.xml [2011-09-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearch.xml [2013-03-08]
FF Extension: Delta Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\[email protected] [2013-05-06]
FF Extension: GetSavin - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\getsavin@jetpack [2013-03-08]
FF Extension: Yontoo - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\[email protected] [2013-05-06]
FF Extension: ShopToWin15 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928} [2012-11-24]
FF Extension: Yahoo! Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-05-10]
FF Extension: GPComponent - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0} [2013-05-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011-06-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011-06-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}] - C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
FF Extension: GPComponent - C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi [2013-05-06]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn [2015-05-11]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (registryAccess) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapnjeoabhkpdiinmomghdncekhiib\7.13.1.0_0\background/registryAccess.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Delta Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-05-20]
CHR Extension: (StartNow) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei [2012-12-02]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-02]
CHR Extension: (Amazing Coupons) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-03-08]
CHR Extension: (Norton Identity Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-11]
CHR Extension: (Yontoo) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2012-12-02]
CHR HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\Owner\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx [2012-08-20]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Owner\AppData\Roaming\BabSolution\CR\delta2.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-06]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Owner\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-02-04] (Two Pilots) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [348152 2013-05-17] (Verizon) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-02-23] (The Neat Company) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 SessionLauncher; C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20150501.001\BHDrvx64.sys [1639128 2015-05-01] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-17] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-17] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20150510.002\IDSvia64.sys [671448 2015-05-10] (Symantec Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [556120 2011-06-15] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20150510.018\ENG64.SYS [129752 2015-05-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20150510.018\EX64.SYS [2137304 2015-05-10] (Symantec Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R2 X5XSEx_Pr143; C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-12 13:05 - 2015-05-12 13:06 - 00000000 ____D () C:\FRST
2015-05-11 19:11 - 2015-05-11 19:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-12 13:06 - 2012-03-29 23:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-12 13:05 - 2009-07-13 22:13 - 00005168 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-12 13:04 - 2013-03-08 15:04 - 00010464 _____ () C:\Windows\setupact.log
2015-05-12 13:03 - 2013-05-06 20:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Yontoo
2015-05-12 13:03 - 2011-09-07 00:47 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000UA.job
2015-05-12 13:03 - 2011-09-07 00:47 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000Core.job
2015-05-12 13:03 - 2011-06-17 22:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 13:03 - 2011-06-15 20:10 - 01883534 _____ () C:\Windows\WindowsUpdate.log
2015-05-11 20:08 - 2012-06-30 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-11 20:01 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2015-05-11 18:56 - 2013-07-05 00:19 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2015-05-11 18:56 - 2009-07-13 21:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-11 18:56 - 2009-07-13 21:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-11 18:48 - 2013-07-05 08:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2015-05-11 18:39 - 2011-06-17 22:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 18:39 - 2011-06-15 22:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-11 18:37 - 2011-09-08 02:54 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-11 18:35 - 2011-10-20 09:32 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-11 18:34 - 2011-06-15 20:09 - 00000000 ____D () C:\Users\Owner
2015-05-11 18:34 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-11 18:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-11 18:31 - 2013-07-05 00:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-05-11 18:31 - 2013-03-14 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 18:31 - 2013-02-02 20:52 - 00000000 ____D () C:\ProgramData\Norton
2015-05-11 18:31 - 2012-08-26 14:11 - 00000000 ____D () C:\ProgramData\Skype
2015-05-11 18:31 - 2011-09-07 00:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-11 18:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-11 18:29 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2015-05-11 18:25 - 2011-09-01 00:54 - 00000000 ____D () C:\Program Files (x86)\Verizon
2015-05-11 18:25 - 2011-06-17 22:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-05-11 18:24 - 2012-08-26 14:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-11 18:24 - 2012-04-05 21:55 - 00000000 __RHD () C:\MSOCache
 
==================== Files in the root of some directories =======
 
2013-05-08 08:04 - 2013-02-09 14:55 - 0114176 _____ () C:\Users\Owner\AppData\Roaming\BabMaint.exe
2013-09-06 22:30 - 2013-09-06 22:30 - 0000042 _____ () C:\Users\Owner\AppData\Roaming\mbam.context.scan
2012-10-25 21:49 - 2012-11-21 12:20 - 0583306 _____ () C:\Users\Owner\AppData\Roaming\technic-launcher.jar
2012-10-25 21:49 - 2012-11-04 21:42 - 0579274 _____ () C:\Users\Owner\AppData\Roaming\technic-launcher.jar.bak
2011-08-21 20:30 - 2012-08-13 21:28 - 0005120 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-20 10:36 - 2013-05-20 10:36 - 0007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2013-01-19 20:42 - 2013-01-19 20:42 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\ProgramData\C__Users_Owner_AppData_Local_Temp_wz9195_Crack_HideIPEasy.exe
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\5.1.31.16_Full.exe
C:\Users\Owner\AppData\Local\Temp\install_flashplayer11x32ax_aih.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\JREInstall160_37.exe
C:\Users\Owner\AppData\Local\Temp\mssinstaller.exe
C:\Users\Owner\AppData\Local\Temp\NeatExecAsUser32.exe
C:\Users\Owner\AppData\Local\Temp\nsp6fwj2.dll
C:\Users\Owner\AppData\Local\Temp\SetACL.exe
C:\Users\Owner\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Owner\AppData\Local\Temp\VistaTools32.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-08-28 21:01
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Owner at 2015-05-12 13:08:24
Running from E:\
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3306144526-1543565107-3197362354-500 - Administrator - Disabled)
Guest (S-1-5-21-3306144526-1543565107-3197362354-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3306144526-1543565107-3197362354-1003 - Limited - Enabled)
Owner (S-1-5-21-3306144526-1543565107-3197362354-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Disabled - Out of date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7 Wonders II (HKLM-x32\...\exent_586350) (Version:  - )
7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
7-Zip File Manager version 9.20 (HKLM-x32\...\{863448D4-F184-4B21-A46B-323C97A2D038}_is1) (Version: 9.20 - Download Freely, LLC)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserProtect (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Chainz 2 Relinked (HKLM-x32\...\exent_663050) (Version:  - )
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.33 - Creative Technology Ltd)
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Delta) <==== ATTENTION
Delta toolbar   (HKLM-x32\...\delta) (Version: 1.8.16.16 - Delta) <==== ATTENTION
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exeba E-Swipe (HKLM-x32\...\{9844B51E-0CA6-40E9-BF73-B01E256F4197}) (Version:  - )
Exeba-COMM (HKLM-x32\...\{69FCCDC8-ECE0-480D-A5AD-E068EC29F1AD}) (Version:  - )
Fantastigames (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - Exent Technologies Ltd) <==== ATTENTION
GetSavin (HKLM-x32\...\GetSavin) (Version: 1.1362754218 - Adpeak, Inc.)
Google Chrome (HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Google Chrome) (Version: 28.0.1500.72 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4209.2358 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.153 - Google Inc.) Hidden
Hide IP Easy (HKLM-x32\...\HideIPEasy) (Version: 5.0.8.2 - )
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IHA_MessageCenter (HKLM-x32\...\{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}) (Version: 1.6.0 - Verizon)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Kaspersky Anti-Virus 2011 (HKLM-x32\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.2.556 - Kaspersky Lab)
Kaspersky Anti-Virus 2011 (x32 Version: 11.0.2.556 - Kaspersky Lab) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog MyOwnLeaptop Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Lottso Deluxe (HKLM-x32\...\exent_696450) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiniTools (HKLM-x32\...\MiniToolsv2.61) (Version: v2.61 - )
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSR 5.12.04 (HKLM-x32\...\MSR Modular Signal Recorder_is1) (Version:  - )
MSR609HID (HKLM-x32\...\MSR609HIDv1.10) (Version: v1.10 - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.1.31.16 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.2 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company)
Neat Core Files (x32 Version: 5.1.31.16 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.5.5 - Symantec Corporation)
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version:  - )
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version:  - )
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Settings Alerter (HKLM-x32\...\Settings Alerter) (Version: 4.5.0.5415 - Koyote-Lab, Inc) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TelevisionFanatic Toolbar (HKLM-x32\...\TelevisionFanaticbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.1.0 - W3i, LLC) Hidden
Unity Web Player (HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) (HKLM-x32\...\LeaptopPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 4.2.9.15649 - LeapFrog)
Vz In Home Agent (HKLM-x32\...\{40D36ECF-FA05-4077-B836-C439CD0DDEF1}) (Version: 8.03.71 - Verizon)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )
Yontoo 2.053 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.053 - Yontoo LLC) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
 
==================== Restore Points  =========================
 
06-08-2013 19:30:55 Windows Update
10-08-2013 19:26:40 Windows Update
11-08-2013 07:54:20 Windows Update
17-08-2013 08:19:31 Windows Update
23-08-2013 20:51:56 Windows Update
28-08-2013 19:43:45 Windows Update
06-09-2013 22:31:38 Windows Update
06-09-2013 23:10:42 Windows Update
06-09-2013 23:52:44 Windows Update
07-09-2013 15:02:26 Windows Modules Installer
07-09-2013 15:15:48 Windows Update
11-05-2015 18:14:56 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2013-03-08 12:28 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0893EDC2-E291-473C-A6E4-6548BE1FF194} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {0BEBB509-9B7D-431F-A7BC-9D35815492AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.)
Task: {0C057DA2-17DB-4BB2-AC6A-CC093EDC625B} - System32\Tasks\{308E30B1-FEFD-447B-ADA7-0C1898344C1F} => pcalua.exe -a C:\Users\Owner\Downloads\HijackThis.exe -d C:\Users\Owner\Downloads
Task: {12EECD40-99FB-4C17-8524-202623BF6F32} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {1B9B0D14-74C1-4190-AC33-271E84437971} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {1E02C06A-1677-4331-83F4-EFD39B9B551A} - System32\Tasks\EPUpdater => C:\Users\Owner\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {225139B3-FC3A-491F-9748-6595EECEB145} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {26B32C1F-F656-4CB7-920F-C5650AB20539} - System32\Tasks\Norton Security Scan for Owner => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.5.5\Nss.exe [2012-10-22] (Symantec Corporation)
Task: {2B1B8B33-FECC-4F45-B7C2-F6D3804EAF0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3682579F-AFF7-4DF0-BAD8-B9CC5E6A811B} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {3B190A9F-FB58-43D2-8FFF-4BAE5BD4C406} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {4D06C704-6C81-412F-B4A3-C1B988EEDA89} - System32\Tasks\{5CA3271B-0433-4579-8024-9224B472AE75} => pcalua.exe -a C:\Windows\MSR609HID\uninstall.exe -d C:\Windows\MSR609HID
Task: {72378FCE-5788-4C6F-B1BA-D0D6E8F89D9E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {7D1E9C3D-1E71-40D4-9010-F6A40B305E13} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {89B3ED2A-C22A-4AF9-956B-497090997785} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {94F11D60-3C63-4344-9CBA-CE10616EC673} - System32\Tasks\{3B5CCD45-9BC8-40ED-91FB-60625231AD5F} => pcalua.exe -a C:\Users\Owner\Downloads\RhapsodyVcast.EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {9F0FA91F-9A06-48D3-801D-B9899409DA67} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {A237F078-75A1-4868-95A3-FE46C1795387} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {ADAA3CF0-34C0-4226-BC48-D1680A350BB6} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {B1DE67E2-FC1B-49DC-B565-DC5E19D1DEA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17] (Google Inc.)
Task: {BB418D19-1708-4399-9B04-0941B10A3D8B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {C316E194-9395-4E27-8AF9-B81A402EA6CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.)
Task: {C44E1079-B147-4429-81CE-ECFFC61BD15D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17] (Google Inc.)
Task: {D8BA3227-3CD3-4E67-94BC-BE5C85EF14A8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {DF42E2A3-118E-4A24-9AEA-25D78AC480E8} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {E2E0E115-DD1A-4A8B-82FA-0ADB89E8FB69} - System32\Tasks\GorillaPrice => C:\Program <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Owner.job => C:\PROGRA~2\NORTON~2\Engine\375~1.5\Nss.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-04-10 09:59 - 2013-02-04 10:00 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2011-12-06 14:00 - 2011-12-06 14:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Owner\Downloads\284532_2091072129574_6963947_n.jpg:Roxio EMC Stream
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{44E4DF5F-19F3-4965-BEFB-B368249FC86B}] => (Allow) LPort=50000
FirewallRules: [{FBD679F0-2DC7-4C1F-BA67-4E88D13EA9B4}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{6D7F01CF-B1FC-4CB6-B300-3A580AF49B30}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{6402DF17-A4C6-46B3-AA44-856FDE48E461}] => (Allow) LPort=50000
FirewallRules: [{1B35B4AE-E69F-4E3B-A55E-A1CBFF9D347D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81CD796A-6C56-491F-A377-38F6A2DB73DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1342AD3-984E-4B8D-AB0B-211532CC9F1B}] => (Allow) C:\Program Files (x86)\V CAST Music with Rhapsody\rhapsody.exe
FirewallRules: [{405BF702-2634-4711-A44A-EA2CA21583A3}] => (Allow) C:\Program Files (x86)\V CAST Music with Rhapsody\rhapsody.exe
FirewallRules: [{A576507A-1403-4540-AAFC-5AC36092B2B2}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{38CBEADC-CEBF-48EE-91AB-283FE6AC8B51}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{BA6826B7-6558-4801-BD62-ED2764494314}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{1CFFBE4D-FD9B-4138-BA7C-EE1BC12A5F05}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{EBA0490D-7853-4160-B6E0-D1D2060C199C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{75857D67-66FC-4F50-8E44-7B5B7F34E474}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C560576C-DC23-45CC-AC32-95577FBDA864}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56F03606-5C9D-4FA1-9979-5F523CE61928}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{546754B1-C7BF-4051-BE3D-95323543B46B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{E1D1AD23-BBA1-4637-9DDC-A58DBDD7A0A1}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{6103E9D4-EA9B-4B81-89E1-3D6EB2581B0E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{4BE096A5-520B-4102-AF14-D4A27894E6F9}C:\program files (x86)\phoenix viewer\slvoice.exe] => (Allow) C:\program files (x86)\phoenix viewer\slvoice.exe
FirewallRules: [UDP Query User{1B46A353-0BF9-471C-A91E-954637FB6A7F}C:\program files (x86)\phoenix viewer\slvoice.exe] => (Allow) C:\program files (x86)\phoenix viewer\slvoice.exe
FirewallRules: [TCP Query User{7889F757-73DA-4145-A6E3-F5EB57118350}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{A7A4F830-9AE2-4E2F-8600-E5C1547B5418}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{A4EB8632-FCAA-48DA-8F50-CD8A14A9580B}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{9715E611-33B2-4EBA-A139-33405933E7CA}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{2DF0720C-AC80-413F-8922-8A147B189313}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C461B663-2196-47E1-8588-18BFCCB0981D}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{AFA26F84-8B2E-4930-AB5A-CB793C7F57BA}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D0A7F6FF-09A2-495F-A989-F99303F49DEF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{B5D71669-BA8A-486A-A0A6-53A6EACC6EB7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{30D1C1B1-2D8D-4976-B857-76647FEFA3DD}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{C0E3F0B5-9E89-4211-A067-75943CF5FF42}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{0D7F1F5D-3D0A-4F06-9BCB-CC48D3D91B54}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{5D5A8D0C-CC0D-479E-862D-9BEAD2E42998}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{220874EF-F9E8-4CC3-84CB-4522BA437531}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{D57F99BA-0865-43C1-B074-AE0B20F072B2}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Symantec Real Time Storage Protection (PEL) x64
Description: Symantec Real Time Storage Protection (PEL) x64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SRTSPX
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/12/2015 01:05:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (05/12/2015 01:05:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60744699
 
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60744699
 
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60743701
 
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60743701
 
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/11/2015 08:10:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7660
 
Error: (05/11/2015 08:10:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7660
 
 
System errors:
=============
Error: (05/12/2015 01:03:03 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (05/11/2015 06:39:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (05/11/2015 06:39:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (05/11/2015 06:38:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%1053
 
Error: (05/11/2015 06:38:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
 
Error: (05/11/2015 06:37:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (05/11/2015 06:36:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RxFilter
SRTSP
 
Error: (05/11/2015 06:36:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/11/2015 06:35:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error: 
%%2
 
Error: (05/11/2015 06:35:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHA_MessageCenter service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (05/12/2015 01:05:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (05/12/2015 01:05:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60744699
 
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60744699
 
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60743701
 
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60743701
 
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/11/2015 08:10:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7660
 
Error: (05/11/2015 08:10:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7660
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-03-08 11:24:14.447
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-08 11:24:14.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 68%
Total physical RAM: 2008.36 MB
Available physical RAM: 640.45 MB
Total Pagefile: 6556.36 MB
Available Pagefile: 4458.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:242.26 GB) NTFS
Drive d: (TOM_AND_JERRY_WISKERS_AWAY) (CDROM) (Total:3.5 GB) (Free:0 GB) UDF
Drive e: (USB DISK) (Removable) (Total:14.43 GB) (Free:14.43 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 592C76AD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: BA6686F8)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C)
 
==================== End Of Log ============================

#7
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Piracy Warning


Please note that your log shows there is pirated software/material on the infected computer. This is not only illegal, but a source of malware infection.


Hide IP Easy
C:\ProgramData\C__Users_Owner_AppData_Local_Temp_wz9195_Crack_HideIPEasy.exe


Here at Geeks to Go we DO NOT support pirated material at all and maintain a zero tolerance policy.

If you wish our help to continue, you need to uninstall the pirated software.
#8
uFinditEazy!

    Member

  • Topic Starter
  • Member
  • 82 posts

I am a little confused. Pirated like as in movie piracy? I would like to remove everything on this computer as my 15 year old has a new computer and I wanted to pass this one on to my youngest. Can you give me an idea of what this is as I would like to have a talk with my son. Thank you. Robert


#9
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

> I am a little confused. Pirated like as in movie piracy? I would like to remove everything on this computer as my 15 year old has a new computer and I wanted to pass this one on to my youngest. Can you give me an idea of what this is as I would like to have a talk with my son. Thank you. Robert


Certainly, I can explain. :)

Your son has a program called HideIP Easy on the machine that I've included a link to below.

http://www.easy-hideip.com/

This is a commercial program that requires payment for the full version. However, this file, Crack_HideIPEasy.exe, that is on the machine is used to "Crack" open the software and unlock all its features without paying for them. In effect, this makes the software stolen, as no payment was made to the vendor for unlocking the features. This is software piracy, and is illegal.
#10
uFinditEazy!

    Member

  • Topic Starter
  • Member
  • 82 posts

Can you give me an idea of when this was installed?


#11
uFinditEazy!

    Member

  • Topic Starter
  • Member
  • 82 posts

The reason is I want to be assured that this was done by my son or maybe prior to us owning this laptop. I have a hard time believing my son did this as he is a very good kid. Straight A student etc.. 


#12
uFinditEazy!

    Member

  • Topic Starter
  • Member
  • 82 posts

Sounds kinda funny.. So, you are saying he hacked a program to hide from hackers? I am really having a hard time believing that when he had this he probably was 13. I don't think he would be in this mindset at this age. Anyways, I will take appropriate action if indeed it was him. Robert


#13
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

> Can you give me an idea of when this was installed?


Hi :-)
The log doesn't show the installation date. However, in the list of installed programs, it should show you the date the program was installed.
#14
uFinditEazy!

    Member

  • Topic Starter
  • Member
  • 82 posts

Anyways can you guide me thru the removal of this? Also, should I contact the owners of this software?


#15
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

> Anyways can you guide me thru the removal of this? Also, should I contact the owners of this software?


Hello :)

Yes, I'll go ahead and post the first set of instructions and I'll just add this program to the list of programs to uninstall. No need to contact the vendor as we'll be removing it. :thumbsup:



Step 1: Multiple Anti-Virus Warning


Your log indicates you have 2 or more anti-virus programs installed on your machine. They are "Kaspersky Anti-Virus" and "Norton Internet Security".
  • Research shows that having multiple anti-virus programs installed is not a good idea. This is a case of more is not better. Even when disabled, they will load the drivers they need in case you enable them, thereby hogging system resources. They will often also conflict with each other, provide false positives, and cause additional problems.
  • We need to remove one of these from your system. If you have paid for one, I would recommend you keep that one and uninstall the other.

Step 2: Program Uninstalls


Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • BrowserProtect
  • Delta Chrome Toolbar
  • Delta toolbar
  • Fantastigames
  • HideIP Easy
  • GetSavin
  • Settings Alerter
  • TelevisionFanatic Toolbar
  • Yontoo 2.053

Step 3: Chrome Extension Removals


There are extensions in Chrome that need to be removed. Please follow the instructions below to remove them.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extensions listed below by clicking the trash can icon.
  • Delta Toolbar
  • StartNow
  • Amazing Coupons
  • Yontoo
If one of the extensions I've asked you to remove is not listed, don't worry about it. Just move on to the next one in the list. :)


Step 4: Fix with Farbar's Recovery Scan Tool


Note: Please copy FRST64.exe from the USB to the desktop of the infected machine or this step will not work.
  • Using the infected computer, open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64.exe and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
(Yontoo LLC) C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Users\Owner\AppData\Roaming\Yontoo
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Yontoo Desktop] => C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-04-30] (Yontoo LLC)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-02-20] (OpenDownloadManager.com)
C:\Program Files (x86)\OpenDownloaderManager
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)
C:\Program Files (x86)\FantastiGames
HKU\S-1-5-18\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll => c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll [2523136 2013-07-08] ()
c:\progra~3\browse~1
c:\ProgramData\BrowserProtect
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-se...A88C417FE843CAE
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-se...A88C417FE843CAE
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fanta...q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fanta...q={searchTerms}
SearchScopes: HKLM-x32 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-se...A88C417FE843CAE
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-se...A88C417FE843CAE
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> {8B9AB051-A6E4-49D5-BBD0-761DFEB2C033} URL = http://mp3tubetoolba...s={searchTerms}
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fanta...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> {D2D72ABF-DFC7-456C-86D8-69B639002ADB} URL = http://websearch.ask...apn_dtid=OSJ000
BHO-x32: GetSavin 5.0 -> {5BB972CB-156D-4811-9D36-9570AF1E2BB7} -> C:\Users\Owner\AppData\Local\getsavin\ie\getsavin_1362754201.dll No File
C:\Users\Owner\AppData\Local\getsavin
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll [2013-03-13] (Delta-search.com)
C:\Program Files (x86)\Delta
BHO-x32: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo\YontooIEClient.dll [2013-04-30] (Yontoo LLC)
C:\Program Files (x86)\Yontoo
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll [2013-03-13] (Delta-search.com)
FF NewTab: hxxp://www2.delta-search.com/?affID=119842&tt=gc_&babsrc=NT_ss&mntrId=CA88C417FE843CAE
FF SearchEngineOrder.1: Delta Search
FF Homepage: hxxp://www2.delta-search.com/?affID=119842&tt=gc_&babsrc=HP_ss&mntrId=CA88C417FE843CAE
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\FantastiGames\npExentCtl.dll [2009-12-27] (Exent Technologies Ltd.)
FF Plugin-x32: @TelevisionFanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
C:\Program Files (x86)\TelevisionFanatic
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FantastiGames\NPGameTreatPlugin.dll No File
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\babylon.xml [2013-05-06]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\BrowserProtect.xml [2013-02-15]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\delta.xml [2013-05-06]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\Mp3Tube.xml [2011-09-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearch.xml [2013-03-08]
FF Extension: Delta Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\[email protected] [2013-05-06]
FF Extension: GetSavin - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\getsavin@jetpack [2013-03-08]
FF Extension: Yontoo - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\[email protected] [2013-05-06]
FF Extension: ShopToWin15 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928} [2012-11-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
CHR HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\Owner\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx [2012-08-20]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Owner\AppData\Roaming\BabSolution\CR\delta2.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Owner\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [Not Found]
S2 SessionLauncher; C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
R2 X5XSEx_Pr143; C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Owner\AppData\Roaming\Yontoo
C:\ProgramData\C__Users_Owner_AppData_Local_Temp_wz9195_Crack_HideIPEasy.exe
Task: {0893EDC2-E291-473C-A6E4-6548BE1FF194} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {12EECD40-99FB-4C17-8524-202623BF6F32} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
C:\Program Files (x86)\Ask.com
Task: {1E02C06A-1677-4331-83F4-EFD39B9B551A} - System32\Tasks\EPUpdater => C:\Users\Owner\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {225139B3-FC3A-491F-9748-6595EECEB145} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
C:\Users\Owner\AppData\Roaming\BabSolution
Task: {3B190A9F-FB58-43D2-8FFF-4BAE5BD4C406} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {9F0FA91F-9A06-48D3-801D-B9899409DA67} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {E2E0E115-DD1A-4A8B-82FA-0ADB89E8FB69} - System32\Tasks\GorillaPrice => C:\Program <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Before running the fix, please ensure that FRST64.exe and the fixlist.txt are both on the Desktop of the infected computer.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 5: Scan with AdwCleaner


Note: If the infected machine is still blocking downloading directly to it, please download this program to the USB and then transfer it to the desktop of the infected machine. Do not run it from the USB.

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click the adwcleaner.exe file and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Waiting, uncheck elements you don't want to remove.", don't remove anything it finds at this time.
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

AdwCleaner Log

  • 0
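The fixlist in Step 4 was put together by reading the FRST log for entries that stand out. As an added example (not part of the original thread and not Farbar's code), the Python below parses three of the line types quoted in this thread and reports entries carrying the markers seen in this log: `<==== ATTENTION`, a missing target (`No Task File`, `No File`, `[X]`, `[Not Found]`), a service binary under a Temp directory, and an allow rule scoped only to a port. The regular expressions and reason labels are assumptions inferred from the lines on this page, not a documented FRST format, and a reported entry is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the FRST output and fixlist quoted in this thread.
SAMPLE_LOG = r"""
Task: {A237F078-75A1-4868-95A3-FE46C1795387} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {9F0FA91F-9A06-48D3-801D-B9899409DA67} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {E2E0E115-DD1A-4A8B-82FA-0ADB89E8FB69} - System32\Tasks\GorillaPrice => C:\Program <==== ATTENTION
Task: {225139B3-FC3A-491F-9748-6595EECEB145} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
S2 SessionLauncher; C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
R2 X5XSEx_Pr143; C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
FirewallRules: [{44E4DF5F-19F3-4965-BEFB-B368249FC86B}] => (Allow) LPort=50000
FirewallRules: [{A576507A-1403-4540-AAFC-5AC36092B2B2}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
"""

# Line shapes, inferred from the log in this thread (assumption).
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
SERVICE_RE = re.compile(r"^([RSU])([0-5]) (\S+); (.+)$")
FIREWALL_RE = re.compile(r"^FirewallRules: \[(.+?)\] => \((Allow|Block)\) (.+)$")

# Markers that appear at the end of an entry in this log.
ATTENTION_RE = re.compile(r"\s*<=+ ATTENTION\s*$")
MISSING_RE = re.compile(r"(No Task File|No File|\[X\]|\[Not Found\])\s*$")
TEMP_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str          # "task", "service" or "firewall"
    name: str          # task path, service name or rule id
    target: str        # what the entry runs or allows
    reasons: list = field(default_factory=list)


def _common_reasons(line, body):
    """Reasons that apply to any entry type."""
    reasons = []
    if ATTENTION_RE.search(line):
        reasons.append("attention-marker")
    if MISSING_RE.search(body):
        reasons.append("target-missing")
    if TEMP_RE.search(body):
        reasons.append("runs-from-temp")
    return reasons


def parse_line(line):
    """Return a Finding for a recognised line, or None for anything else."""
    line = line.strip()
    body = ATTENTION_RE.sub("", line)  # entry text without the marker

    m = TASK_RE.match(body)
    if m:
        name, _, target = m.group(2).partition(" => ")
        name = MISSING_RE.sub("", name).strip()
        return Finding("task", name, target.strip(), _common_reasons(line, body))

    m = SERVICE_RE.match(body)
    if m:
        return Finding("service", m.group(3), m.group(4), _common_reasons(line, body))

    m = FIREWALL_RE.match(body)
    if m:
        reasons = _common_reasons(line, body)
        # An allow rule tied to a port instead of a program deserves a look.
        if m.group(2) == "Allow" and m.group(3).startswith("LPort="):
            reasons.append("allow-by-port-only")
        return Finding("firewall", m.group(1), m.group(3), reasons)

    return None


def triage(log_text):
    """Return only the recognised entries that have at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        finding = parse_line(raw)
        if finding and finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name} -> {f.target or '(none)'}  {', '.join(f.reasons)}")
```
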





