
Bad Image Virus


  • This topic is locked
14 replies to this topic

#1 katied2


Posted 08 September 2014 - 02:45 PM

I'm so glad I found this site!  No matter what I do on my laptop, I am receiving a "bad image" error.  The file name on the error changes, it's not always the same.  But, it typically references the following location "C:\program files (x86)\music toolbar\datamngr\abcrtldr.dll".  I have tried running my Malware Anti-Malware program, but it won't do anything but throw this error.  I ran some of the programs I downloaded from your site and have attempted to post the text to this post (3 times), but I get an error saying your site is not available.  So...this time I will attempt to add them as attachments.

 

I also tried to download DDS.com, but right after it runs a security scan on it, I receive the following "windows library documents  library-ms is no longer working.  this library can be safely deleted from your computer.  Folders that have been included will not be affected". Then it says that DDS.com might have been removed or deleted and it will not allow me to download it.

 

Any assistance you can give me will be greatly appreciated!  My kids use this laptop for school work, so we have a big problem! :-(

Attached Files: Addition.txt (32.85KB), arkt.txt (2.98KB), FRST.txt (53.28KB)




#2 TB-Psychotic

  • Malware Response Team

Posted 09 September 2014 - 03:23 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Add/remove programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs:
 

 

iLivid

Torch

 


Close the window.

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 katied2

  • Topic Starter

Posted 09 September 2014 - 07:50 PM

Hello and thank you so much for your advice!  I was able to uninstall the first program, iLivid, successfully.  However, when I attempt to uninstall Torch, the screen flashes a few times and then I get a message w/ the title "Program Compatibility Assistant".  The modal text is "This program might not have uninstalled correctly.  If this program did not uninstall correctly, you can try uninstalling the program using compatibility settings".  There were two buttons:  one said something like "program uninstalled correctly" and the other said "uninstall using compatibility".  The first time, I clicked the button that said it uninstalled correctly.  But, when I looked, it was still there.  So, I tried a second time and this time I clicked the "uninstall using compatibility" button.  Torch is still there!  I can't make it uninstall.  I didn't move on from there because I wasn't sure if I should or not.  Please let me know what I should do now.  Thank you!!  Kristen



#4 TB-Psychotic


Posted 10 September 2014 - 07:26 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:

    Torch
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

#5 katied2

Posted 10 September 2014 - 08:38 AM

Okay, I followed your instructions and it found and removed more than 3000 files!  I then went back to your original instructions and downloaded the fixlist.text file and then ran frst.exe.  However, I think I may have made an error.  When the program came up, I clicked on Scan and not Fix.  It ran the scan and then threw an error with this title "Farbar Recovery Scan Tool:  FRST64.exe - Bad Image" and this text "C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtdr.dll is either not designed to run on windows or it contains an error.  Try installing the program again using the original installation media or contact your system admin or software vendor for support.  Error status 0xc000012f".  Realizing I was supposed to click "Fix" and not "Scan", I then clicked the "Fix" button and I received this error "documents library-MS is no longer working".  Ugh!  I'm sorry!  It did not appear to create a fixlog.  What now?



#6 TB-Psychotic


Posted 11 September 2014 - 07:07 AM

Please download the fixlist.txt again and save it next to FRST64.exe.

Reboot your computer into safe mode, run FRST64 and hit fix.

 

Reboot into normal mode and post the log.


#7 katied2

Posted 11 September 2014 - 08:32 PM

After trying for 45 minutes to boot into safe mode, I give up.  I googled, I watched youtube videos.  I can't get it to work. When I search for "advanced startup" nothing returns.  When I search for msconfig....no files found.  :-(



#8 TB-Psychotic


Posted 12 September 2014 - 05:36 AM

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

Edited by TB-Psychotic, 12 September 2014 - 05:36 AM.

#9 katied2

Posted 12 September 2014 - 08:15 PM

Hi.  I read the documentation and have tried F8 and shift F8 (neither did anything) as well as going to the c:\windows\system32\ prompt and typing "bcdedit /set {default} bootmenupolicy legacy" and it gives me this error:  "The boot configuration data store could not be opened".  I'm lost :(



#10 TB-Psychotic


Posted 14 September 2014 - 05:21 AM

When rebooting your computer, keep hitting F8 before the "windows is loading" screen.

You'll get the "advanced startup options" displayed then.


#11 katied2

Posted 19 September 2014 - 05:59 PM

Sorry for the delay in responding.  Busy week!  F8 didn't do anything.  After further research, I tried hitting ESC multiple times and that brought me to the Advanced Options menu.  I'm not sure what to do from here.  The options are:

 

System Restore

System Image Recovery

Automatic Repair

Command Prompt

UEFI Firmware Settings



#12 TB-Psychotic


Posted 22 September 2014 - 04:01 AM

OK, then we'll take the other way:

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#13 katied2

Posted 24 September 2014 - 06:34 PM

Okay, I think I did everything correctly....at least I hope so.  I have Windows 8, but think I did what I was supposed to do even though the instructions weren't exactly the same.  I can tell you that I am still getting a library ms error and my laptop keeps hanging up. :-(

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Kristen (administrator) on KRISTENS on 24-09-2014 14:29:34
Running from F:\
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\$SysReset\Framework\Stack\SystemResetOSUpdates.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\DsmUserTask.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\RunOnce: [SymSilent] => C:\Program Files (x86)\SymSilent\SymSilent.exe [925080 2012-06-19] (Symantec Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D676958A-F8C7-43D5-BEF0-8FEC7788F127} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {D676958A-F8C7-43D5-BEF0-8FEC7788F127} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D676958A-F8C7-43D5-BEF0-8FEC7788F127} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-09-24]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx [2013-03-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [143928 2012-06-14] (Symantec Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [1377440 2012-06-11] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1400000.088\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [509088 2012-06-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\ENG64.SYS [120440 2012-06-15] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\EX64.SYS [2068600 2012-06-15] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSP64.SYS [753312 2012-05-24] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSPX64.SYS [37496 2012-01-11] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMDS64.SYS [485024 2012-05-24] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1400000.088\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1400000.088\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-03-19] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1400000.088\Ironx64.SYS [222368 2012-05-24] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMNETS.SYS [431224 2012-05-09] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 16:13 - 2014-09-24 16:13 - 00000000 ____D () C:\Windows.old
2014-09-24 16:12 - 2014-09-24 16:12 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-09-24 15:34 - 2014-09-24 15:35 - 00000000 ___HD () C:\$SysReset
2014-09-24 14:15 - 2014-09-24 14:15 - 00000000 ____D () C:\Users\Kristen\AppData\Roaming\hpqlog
2014-09-24 14:12 - 2014-09-24 14:23 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1410013759-3323323864-3301412634-1002
2014-09-24 14:01 - 2014-09-24 14:01 - 00000000 ____D () C:\Users\Kristen\AppData\Local\AMD
2014-09-24 14:00 - 2014-09-24 14:00 - 00000000 ____D () C:\Users\Kristen\AppData\Roaming\ATI
2014-09-24 14:00 - 2014-09-24 14:00 - 00000000 ____D () C:\Users\Kristen\AppData\Local\ATI
2014-09-24 13:59 - 2014-09-24 14:15 - 00000000 ____D () C:\Users\Kristen\AppData\Local\Hewlett-Packard
2014-09-24 13:59 - 2014-09-24 13:59 - 00010394 _____ () C:\Users\Kristen\Desktop\Removed Apps.html
2014-09-24 13:59 - 2014-09-24 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-24 13:56 - 2014-09-24 13:56 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CD3A169-988B-49F5-9A7B-37A0C079A814}
2014-09-24 13:52 - 2014-09-24 13:52 - 00001434 _____ () C:\Users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-24 13:52 - 2014-09-24 13:52 - 00000000 ____D () C:\Users\Kristen\AppData\Roaming\Adobe
2014-09-24 13:51 - 2014-09-24 13:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2014-09-24 13:49 - 2014-09-24 13:49 - 00004028 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2014-09-24 13:49 - 2014-09-24 13:49 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-09-24 13:49 - 2014-09-24 13:49 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-09-24 13:49 - 2014-09-24 13:49 - 00000000 ____D () C:\Users\Kristen\AppData\Roaming\Hewlett-Packard
2014-09-24 13:49 - 2014-09-24 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX410 series
2014-09-24 13:48 - 2010-09-20 05:00 - 00374784 _____ (CANON INC.) C:\Windows\system32\CNMLMAL.DLL
2014-09-24 13:44 - 2014-09-24 13:44 - 00000000 ____D () C:\Users\Kristen\AppData\Local\Power2Go8
2014-09-24 13:43 - 2014-09-24 13:43 - 00000000 ____D () C:\Users\Kristen\AppData\Roaming\Synaptics
2014-09-24 13:42 - 2014-09-24 13:42 - 00000020 ___SH () C:\Users\Kristen\ntuser.ini
2014-09-24 13:42 - 2014-09-24 13:42 - 00000000 ____D () C:\Users\Kristen\AppData\Local\VirtualStore
2014-09-24 13:39 - 2014-09-24 13:39 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-09-24 13:39 - 2010-10-21 05:00 - 00302080 _____ (CANON INC.) C:\Windows\system32\CNCALAL.DLL
2014-09-24 13:27 - 2014-09-24 13:27 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-09-24 13:24 - 2014-09-24 14:17 - 00231281 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 13:23 - 2014-09-24 13:23 - 00001707 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-09-24 13:20 - 2012-10-20 16:08 - 00002100 _____ () C:\Users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-24 13:19 - 2014-09-24 13:57 - 00000000 ____D () C:\Users\Kristen
2014-09-24 13:19 - 2014-09-24 13:22 - 00017148 _____ () C:\Windows\diagwrn.xml
2014-09-24 13:19 - 2014-09-24 13:22 - 00017148 _____ () C:\Windows\diagerr.xml
2014-09-24 13:19 - 2014-09-24 13:22 - 00000000 ___HD () C:\Users\Kristen\Documents\hp.system.package.metadata
2014-09-24 13:19 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-24 13:19 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 13:19 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-24 13:19 - 2012-07-26 03:13 - 00000000 ____D () C:\Users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 13:15 - 2014-09-24 13:15 - 00002310 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1410013759-3323323864-3301412634-500
2014-09-11 19:52 - 2014-09-11 19:52 - 02105856 _____ (Farbar) C:\Users\Kristen\Desktop\FRST64.exe
2014-09-11 19:50 - 2014-09-11 19:50 - 00003583 _____ () C:\Users\Kristen\Desktop\fixlist.txt
2014-09-08 12:27 - 2014-09-08 12:27 - 00054555 _____ () C:\Users\Kristen\Desktop\FRST.txt
2014-09-08 12:26 - 2014-09-08 12:26 - 00033643 _____ () C:\Users\Kristen\Desktop\Addition.txt
2014-09-08 12:22 - 2014-09-24 14:29 - 00000000 ____D () C:\FRST
2014-09-08 11:42 - 2014-09-08 11:42 - 00003056 _____ () C:\Users\Kristen\Desktop\arkt.txt
2014-09-08 11:25 - 2014-09-08 11:25 - 00000000 ___RD () C:\Users\Kristen\Documents\Notes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 16:13 - 2014-09-24 16:13 - 00000000 ____D () C:\Windows.old
2014-09-24 16:13 - 2012-07-26 03:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-09-24 16:12 - 2014-09-24 16:12 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-09-24 15:35 - 2014-09-24 15:34 - 00000000 ___HD () C:\$SysReset
2014-09-24 14:31 - 2012-07-26 02:28 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 14:29 - 2014-09-08 12:22 - 00000000 ____D () C:\FRST
2014-09-24 14:28 - 2012-07-26 02:21 - 00038991 _____ () C:\Windows\setupact.log
2014-09-24 14:23 - 2014-09-24 14:12 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1410013759-3323323864-3301412634-1002
2014-09-24 14:18 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\restore
2014-09-24 14:17 - 2014-09-24 13:24 - 00231281 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 14:15 - 2014-09-24 14:15 - 00000000 ____D () C:\Users\Kristen\AppData\Roaming\hpqlog
2014-09-24 14:15 - 2014-09-24 13:59 - 00000000 ____D () C:\Users\Kristen\AppData\Local\Hewlett-Packard
2014-09-24 14:11 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-24 14:06 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 14:04 - 2012-10-20 15:43 - 00291288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-24 14:01 - 2014-09-24 14:01 - 00000000 ____D () C:\Users\Kristen\AppData\Local\AMD
2014-09-24 14:00 - 2014-09-24 14:00 - 00000000 ____D () C:\Users\Kristen\AppData\Roaming\ATI
2014-09-24 14:00 - 2014-09-24 14:00 - 00000000 ____D () C:\Users\Kristen\AppData\Local\ATI
2014-09-24 14:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-24 13:59 - 2014-09-24 13:59 - 00010394 _____ () C:\Users\Kristen\Desktop\Removed Apps.html
2014-09-24 13:59 - 2014-09-24 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-24 13:59 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-24 13:57 - 2014-09-24 13:19 - 00000000 ____D () C:\Users\Kristen
2014-09-24 13:56 - 2014-09-24 13:56 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CD3A169-988B-49F5-9A7B-37A0C079A814}
2014-09-24 13:52 - 2014-09-24 13:52 - 00001434 _____ () C:\Users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-24 13:52 - 2014-09-24 13:52 - 00000000 ____D () C:\Users\Kristen\AppData\Roaming\Adobe
2014-09-24 13:52 - 2013-06-23 15:15 - 00000000 ____D () C:\Users\Kristen\AppData\Local\Packages
2014-09-24 13:52 - 2013-03-19 12:44 - 00000000 ___RD () C:\Program Files\Online Services
2014-09-24 13:52 - 2012-10-20 16:12 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-09-24 13:51 - 2014-09-24 13:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2014-09-24 13:51 - 2013-03-19 12:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-09-24 13:51 - 2013-03-19 12:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-09-24 13:51 - 2012-10-20 16:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-09-24 13:51 - 2012-10-20 16:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-09-24 13:50 - 2012-08-03 19:02 - 00000000 ___HD () C:\SYSTEM.SAV
2014-09-24 13:49 - 2014-09-24 13:49 - 00004028 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2014-09-24 13:49 - 2014-09-24 13:49 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-09-24 13:49 - 2014-09-24 13:49 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-09-24 13:49 - 2014-09-24 13:49 - 00000000 ____D () C:\Users\Kristen\AppData\Roaming\Hewlett-Packard
2014-09-24 13:49 - 2014-09-24 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX410 series
2014-09-24 13:44 - 2014-09-24 13:44 - 00000000 ____D () C:\Users\Kristen\AppData\Local\Power2Go8
2014-09-24 13:43 - 2014-09-24 13:43 - 00000000 ____D () C:\Users\Kristen\AppData\Roaming\Synaptics
2014-09-24 13:42 - 2014-09-24 13:42 - 00000020 ___SH () C:\Users\Kristen\ntuser.ini
2014-09-24 13:42 - 2014-09-24 13:42 - 00000000 ____D () C:\Users\Kristen\AppData\Local\VirtualStore
2014-09-24 13:39 - 2014-09-24 13:39 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-09-24 13:27 - 2014-09-24 13:27 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-09-24 13:26 - 2013-03-19 13:08 - 00000000 ____D () C:\ProgramData\Norton
2014-09-24 13:26 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-24 13:24 - 2012-08-03 18:21 - 00000000 ____D () C:\Windows\Panther
2014-09-24 13:24 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\Recovery
2014-09-24 13:23 - 2014-09-24 13:23 - 00001707 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-09-24 13:23 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-09-24 13:23 - 2012-07-26 00:37 - 00000000 __RHD () C:\Users\Default
2014-09-24 13:22 - 2014-09-24 13:19 - 00017148 _____ () C:\Windows\diagwrn.xml
2014-09-24 13:22 - 2014-09-24 13:19 - 00017148 _____ () C:\Windows\diagerr.xml
2014-09-24 13:22 - 2014-09-24 13:19 - 00000000 ___HD () C:\Users\Kristen\Documents\hp.system.package.metadata
2014-09-24 13:22 - 2012-10-20 16:12 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-09-24 13:22 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-24 13:16 - 2012-08-03 17:40 - 00010171 _____ () C:\Windows\iis.log
2014-09-24 13:16 - 2012-07-26 03:13 - 00004552 _____ () C:\Windows\DtcInstall.log
2014-09-24 13:15 - 2014-09-24 13:15 - 00002310 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1410013759-3323323864-3301412634-500
2014-09-24 13:14 - 2012-08-03 17:23 - 00004082 _____ () C:\Windows\PFRO.log
2014-09-24 12:25 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-19 17:34 - 2014-03-18 06:47 - 00000000 ___HD () C:\$Windows.~BT
2014-09-11 19:52 - 2014-09-11 19:52 - 02105856 _____ (Farbar) C:\Users\Kristen\Desktop\FRST64.exe
2014-09-11 19:50 - 2014-09-11 19:50 - 00003583 _____ () C:\Users\Kristen\Desktop\fixlist.txt
2014-09-10 08:55 - 2013-07-18 22:39 - 00114176 ___SH () C:\Users\Kristen\Desktop\Thumbs.db
2014-09-08 12:27 - 2014-09-08 12:27 - 00054555 _____ () C:\Users\Kristen\Desktop\FRST.txt
2014-09-08 12:26 - 2014-09-08 12:26 - 00033643 _____ () C:\Users\Kristen\Desktop\Addition.txt
2014-09-08 11:42 - 2014-09-08 11:42 - 00003056 _____ () C:\Users\Kristen\Desktop\arkt.txt
2014-09-08 11:25 - 2014-09-08 11:25 - 00000000 ___RD () C:\Users\Kristen\Documents\Notes
2014-09-07 17:15 - 2013-07-07 23:21 - 00000000 ____D () C:\Users\Kristen\Documents\Youcam

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-08-03 17:23



#14 TB-Psychotic

  • Malware Response Team

Posted 25 September 2014 - 07:22 AM

While signed in to Windows 8:
  • Open the Charms Bar, click/tap on Settings.
  • Click/tap on the Power button at the bottom right corner, press and hold the Shift key, and click/tap on Restart.
  • Your computer will restart and boot into Advanced Startup Options.
  • Click on Troubleshoot
  • Select Command Prompt
  • In the command window:
  • Type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 TB-Psychotic

  • Malware Response Team

Posted 13 October 2014 - 08:08 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



