
Chrome.exe problem


  • This topic is locked
2 replies to this topic

#1 madmike34455


Posted 16 September 2014 - 03:51 PM

Symptoms:

1) Firefox and the computer in general run slower and slower every day.

2) Get Avast message with URL: Mal infection pop up message on several occasions.

3) A program called "chrome.exe" is taking up a ridiculous amount of memory in my task manager.

 

After reading some other posts, I have already used the FRST scan. Here are my results-

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Michael (administrator) on MICHAEL-PC on 16-09-2014 16:26:29
Running from C:\Users\Michael\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\Runservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Michael\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3143051783-713228559-3831284264-1001\...\Run: [Google Update] => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-22] (Google Inc.)
HKU\S-1-5-21-3143051783-713228559-3831284264-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3143051783-713228559-3831284264-1001\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-3143051783-713228559-3831284264-1001\...\MountPoints2: {4d3d2a1f-01c4-11e2-9f18-ba8b3e37602f} - E:\autorun.exe
HKU\S-1-5-21-3143051783-713228559-3831284264-1001\...\MountPoints2: {bcd1a3cd-1947-11e2-9c91-aa883ae86e39} - E:\autorun.exe
HKU\S-1-5-21-3143051783-713228559-3831284264-1001\...\MountPoints2: {e9792812-01e8-11e2-9f67-b88f78776b2a} - E:\autorun.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKCU - {08F4472D-F3A8-419E-ADBC-1844851FB049} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 71.250.0.12

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\myxtov1x.default
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Google
FF Homepage: www.reddit.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Imgur Uploader - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\myxtov1x.default\Extensions\giorgio@gilestro.tk.xpi [2012-08-05]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\myxtov1x.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-03-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-03]

Chrome: 
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 LicCtrlService; C:\windows\runservice.exe [2560 2014-02-03] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [75136 2014-05-31] ()
R2 PnkBstrB; C:\windows\SysWOW64\PnkBstrB.exe [189248 2014-05-31] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-03] (Disc Soft Ltd)
R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-09-16] ()
S4 LMIRfsClientNP; No ImagePath
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49264 2014-07-28] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 16:26 - 2014-09-16 16:27 - 00017397 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-09-16 16:26 - 2014-09-16 16:26 - 00000000 ____D () C:\FRST
2014-09-16 16:25 - 2014-09-16 16:26 - 02105856 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-09-16 16:10 - 2014-09-16 16:10 - 00003880 _____ () C:\windows\system32\.crusader
2014-09-16 15:55 - 2014-09-16 16:11 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-09-16 15:55 - 2014-09-16 16:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-16 15:46 - 2014-09-16 15:50 - 11194928 _____ (SurfRight B.V.) C:\Users\Michael\Downloads\HitmanPro_x64.exe
2014-09-16 15:41 - 2014-09-16 15:41 - 00000314 _____ () C:\windows\PFRO.log
2014-09-16 15:29 - 2014-09-16 16:11 - 00000224 _____ () C:\windows\setupact.log
2014-09-16 15:29 - 2014-09-16 15:29 - 00000000 _____ () C:\windows\setuperr.log
2014-09-14 14:20 - 2014-09-14 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-14 14:18 - 2014-09-14 14:20 - 04901352 _____ (Piriform Ltd) C:\Users\Michael\Downloads\ccsetup417.exe
2014-09-14 12:32 - 2014-09-14 13:48 - 00000000 ____D () C:\Program Files\WinPcap
2014-09-14 04:18 - 2014-09-14 04:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\postgresql
2014-09-14 03:31 - 2014-09-14 03:31 - 01373475 _____ () C:\Users\Michael\Downloads\adwcleaner_3.310.exe
2014-09-14 03:14 - 2014-09-14 03:16 - 00000000 ____D () C:\Users\Michael\AppData\Local\Idle-#-Crawler
2014-09-14 03:14 - 2014-09-14 03:14 - 00004594 _____ () C:\windows\System32\Tasks\Idle-#-Crawler Runner
2014-09-14 03:10 - 2014-09-16 16:11 - 00001344 _____ () C:\windows\Tasks\ATRBZ.job
2014-09-14 03:10 - 2014-09-16 16:11 - 00001338 _____ () C:\windows\Tasks\DK.job
2014-09-14 00:04 - 2014-09-14 00:04 - 00000000 ____D () C:\Users\Michael\Downloads\Webcam+Hacker+Pro
2014-09-13 19:11 - 2014-09-13 19:11 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\java
2014-09-12 17:53 - 2014-09-14 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-09 16:22 - 2014-08-17 00:00 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-09 16:22 - 2014-08-17 00:00 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-09 16:22 - 2014-08-16 23:59 - 19280384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-09 16:22 - 2014-08-16 23:59 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-09 16:22 - 2014-08-16 23:59 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-09 16:22 - 2014-08-16 23:59 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-09 16:22 - 2014-08-16 23:59 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-09 16:22 - 2014-08-16 23:58 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-09 16:22 - 2014-08-16 23:58 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 14369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-09 16:22 - 2014-08-16 23:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-09 16:22 - 2014-08-16 23:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-09 16:22 - 2014-08-16 03:25 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-09 16:22 - 2014-08-16 02:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-09 16:15 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-09 16:15 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 15:29 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-09 15:29 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-09 15:28 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-09 15:28 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-09 15:28 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-09 15:28 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-09 15:28 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-09 15:28 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-09 15:28 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-09 15:28 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-09 15:28 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-07 01:47 - 2014-09-07 01:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\BBC
2014-09-05 23:01 - 2014-09-05 23:08 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\FEZ
2014-09-05 23:01 - 2014-08-29 23:25 - 00012005 _____ () C:\Users\Michael\AppData\Roaming\alsoft.ini
2014-09-05 22:14 - 2014-09-05 22:14 - 00022016 _____ () C:\Users\Michael\Documents\June July August 2014 - Hanover Area Jr. Sr. High School Key Club.xls
2014-09-01 04:18 - 2014-09-01 04:18 - 00002086 _____ () C:\Users\Michael\AppData\Roaming\DK
2014-09-01 04:18 - 2014-09-01 04:18 - 00001248 _____ () C:\Users\Michael\AppData\Roaming\ATRBZ
2014-08-30 20:13 - 2014-09-07 01:47 - 00001162 _____ () C:\Users\Michael\Desktop\BBC iPlayer Downloads.lnk
2014-08-27 15:56 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 15:56 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-27 15:56 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-23 20:11 - 2014-08-23 20:11 - 00001103 _____ () C:\Users\Public\Desktop\Expat Shield Launch.lnk
2014-08-23 20:10 - 2014-09-14 01:29 - 00000000 ____D () C:\Program Files (x86)\Expat Shield
2014-08-23 20:10 - 2014-08-23 20:11 - 00000000 ____D () C:\Expat Shield
2014-08-23 20:10 - 2014-08-23 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield
2014-08-23 20:08 - 2014-08-23 20:09 - 06990832 _____ () C:\Users\Michael\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe
2014-08-23 20:08 - 2014-08-23 20:08 - 00272072 _____ () C:\Users\Michael\Downloads\DM-232.exe
2014-08-21 11:39 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-21 11:39 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-21 11:39 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-21 11:39 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-21 11:39 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-21 11:39 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-21 11:39 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-21 11:39 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-21 11:39 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-21 11:39 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-21 11:38 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-21 11:38 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-21 11:38 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-21 11:38 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-20 13:15 - 2014-08-27 20:23 - 00000000 ____D () C:\Users\Michael\Documents\School 11th Grade
2014-08-20 11:29 - 2014-08-20 11:42 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Awesomium

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 16:27 - 2014-09-16 16:26 - 00017397 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-09-16 16:26 - 2014-09-16 16:26 - 00000000 ____D () C:\FRST
2014-09-16 16:26 - 2014-09-16 16:25 - 02105856 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-09-16 16:25 - 2014-05-08 19:03 - 00000000 ____D () C:\ProgramData\Origin
2014-09-16 16:24 - 2013-08-22 21:21 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001UA.job
2014-09-16 16:23 - 2014-05-08 19:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-16 16:21 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-16 16:21 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-16 16:17 - 2012-04-03 12:17 - 01803881 _____ () C:\windows\WindowsUpdate.log
2014-09-16 16:11 - 2014-09-16 15:55 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-09-16 16:11 - 2014-09-16 15:29 - 00000224 _____ () C:\windows\setupact.log
2014-09-16 16:11 - 2014-09-14 03:10 - 00001344 _____ () C:\windows\Tasks\ATRBZ.job
2014-09-16 16:11 - 2014-09-14 03:10 - 00001338 _____ () C:\windows\Tasks\DK.job
2014-09-16 16:11 - 2014-02-03 22:13 - 00000857 ___SH () C:\windows\SysWOW64\mmf.sys
2014-09-16 16:11 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-16 16:10 - 2014-09-16 16:10 - 00003880 _____ () C:\windows\system32\.crusader
2014-09-16 16:10 - 2014-09-16 15:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-16 16:04 - 2012-06-19 23:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-16 15:50 - 2014-09-16 15:46 - 11194928 _____ (SurfRight B.V.) C:\Users\Michael\Downloads\HitmanPro_x64.exe
2014-09-16 15:42 - 2014-07-07 17:00 - 00000000 ____D () C:\AdwCleaner
2014-09-16 15:41 - 2014-09-16 15:41 - 00000314 _____ () C:\windows\PFRO.log
2014-09-16 15:30 - 2013-06-03 17:02 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-09-16 15:29 - 2014-09-16 15:29 - 00000000 _____ () C:\windows\setuperr.log
2014-09-15 23:05 - 2013-09-21 20:00 - 00000936 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001UA.job
2014-09-15 20:23 - 2013-08-22 21:21 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001Core.job
2014-09-15 20:05 - 2013-09-21 20:00 - 00000914 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001Core.job
2014-09-15 18:40 - 2012-06-13 13:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-09-15 15:48 - 2012-06-13 03:31 - 00000000 ____D () C:\Users\Michael
2014-09-14 19:47 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-14 16:10 - 2014-09-12 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 14:20 - 2014-09-14 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-14 14:20 - 2014-09-14 14:18 - 04901352 _____ (Piriform Ltd) C:\Users\Michael\Downloads\ccsetup417.exe
2014-09-14 14:20 - 2014-07-28 20:33 - 00000793 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-14 14:20 - 2014-07-28 20:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-14 13:48 - 2014-09-14 12:32 - 00000000 ____D () C:\Program Files\WinPcap
2014-09-14 04:18 - 2014-09-14 04:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\postgresql
2014-09-14 03:56 - 2013-11-29 14:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-14 03:56 - 2011-10-31 14:48 - 00000000 ____D () C:\windows\Panther
2014-09-14 03:51 - 2014-03-19 20:15 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-14 03:51 - 2012-06-13 13:45 - 00000000 ____D () C:\ProgramData\Skype
2014-09-14 03:51 - 2012-04-03 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-14 03:31 - 2014-09-14 03:31 - 01373475 _____ () C:\Users\Michael\Downloads\adwcleaner_3.310.exe
2014-09-14 03:16 - 2014-09-14 03:14 - 00000000 ____D () C:\Users\Michael\AppData\Local\Idle-#-Crawler
2014-09-14 03:14 - 2014-09-14 03:14 - 00004594 _____ () C:\windows\System32\Tasks\Idle-#-Crawler Runner
2014-09-14 03:10 - 2012-04-03 12:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-14 01:29 - 2014-08-23 20:10 - 00000000 ____D () C:\Program Files (x86)\Expat Shield
2014-09-14 01:29 - 2014-08-03 22:57 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-09-14 01:29 - 2012-12-05 17:09 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-14 00:04 - 2014-09-14 00:04 - 00000000 ____D () C:\Users\Michael\Downloads\Webcam+Hacker+Pro
2014-09-13 19:18 - 2014-02-16 20:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.minecraft
2014-09-13 19:11 - 2014-09-13 19:11 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\java
2014-09-13 00:42 - 2014-07-22 16:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-09-12 20:55 - 2012-06-19 19:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\ManyCam
2014-09-11 23:04 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-09-11 21:44 - 2013-06-01 22:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 17:07 - 2012-06-19 23:59 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 17:07 - 2012-06-19 23:59 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 17:07 - 2011-10-30 22:34 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 16:21 - 2014-01-28 22:30 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-09 16:19 - 2013-08-14 01:41 - 00000000 ____D () C:\windows\system32\MRT
2014-09-09 16:16 - 2012-06-13 19:01 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-09 16:15 - 2014-05-06 23:04 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-08 22:37 - 2014-03-08 14:34 - 00000000 ____D () C:\Users\Michael\Documents\Personal
2014-09-07 01:47 - 2014-09-07 01:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\BBC
2014-09-07 01:47 - 2014-08-30 20:13 - 00001162 _____ () C:\Users\Michael\Desktop\BBC iPlayer Downloads.lnk
2014-09-05 23:19 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-05 23:09 - 2012-09-18 17:38 - 00000000 ____D () C:\Users\Michael\Documents\My Games
2014-09-05 23:08 - 2014-09-05 23:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\FEZ
2014-09-05 23:01 - 2014-07-03 14:31 - 00466456 _____ (Creative Labs) C:\windows\system32\wrap_oal.dll
2014-09-05 23:01 - 2014-07-03 14:31 - 00444952 _____ (Creative Labs) C:\windows\SysWOW64\wrap_oal.dll
2014-09-05 23:01 - 2014-07-03 14:31 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\windows\system32\OpenAL32.dll
2014-09-05 23:01 - 2014-07-03 14:31 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\windows\SysWOW64\OpenAL32.dll
2014-09-05 22:14 - 2014-09-05 22:14 - 00022016 _____ () C:\Users\Michael\Documents\June July August 2014 - Hanover Area Jr. Sr. High School Key Club.xls
2014-09-04 22:10 - 2014-09-09 15:28 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-09 15:28 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-01 04:18 - 2014-09-01 04:18 - 00002086 _____ () C:\Users\Michael\AppData\Roaming\DK
2014-09-01 04:18 - 2014-09-01 04:18 - 00001248 _____ () C:\Users\Michael\AppData\Roaming\ATRBZ
2014-08-29 23:25 - 2014-09-05 23:01 - 00012005 _____ () C:\Users\Michael\AppData\Roaming\alsoft.ini
2014-08-28 22:16 - 2012-06-19 19:43 - 00000000 ____D () C:\ProgramData\ManyCam
2014-08-28 22:11 - 2013-09-24 22:13 - 00000996 _____ () C:\Users\Public\Desktop\ManyCam.lnk
2014-08-28 22:11 - 2012-06-19 19:42 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2014-08-27 20:23 - 2014-08-20 13:15 - 00000000 ____D () C:\Users\Michael\Documents\School 11th Grade
2014-08-27 19:16 - 2009-07-14 00:45 - 00322256 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-25 06:53 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-23 20:11 - 2014-08-23 20:11 - 00001103 _____ () C:\Users\Public\Desktop\Expat Shield Launch.lnk
2014-08-23 20:11 - 2014-08-23 20:10 - 00000000 ____D () C:\Expat Shield
2014-08-23 20:10 - 2014-08-23 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield
2014-08-23 20:09 - 2014-08-23 20:08 - 06990832 _____ () C:\Users\Michael\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe
2014-08-23 20:08 - 2014-08-23 20:08 - 00272072 _____ () C:\Users\Michael\Downloads\DM-232.exe
2014-08-22 22:07 - 2014-08-27 15:56 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 15:56 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 15:56 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 18:13 - 2014-08-10 13:39 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-22 18:13 - 2013-10-29 15:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-22 18:12 - 2011-10-30 22:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-21 12:11 - 2012-09-18 15:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DAEMON Tools Lite
2014-08-20 20:35 - 2013-12-12 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-08-20 20:32 - 2011-10-30 22:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-20 14:10 - 2014-03-08 14:32 - 00000000 ____D () C:\Users\Michael\Documents\School 10th Grade
2014-08-20 11:42 - 2014-08-20 11:29 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Awesomium
2014-08-20 00:32 - 2013-07-07 18:11 - 00000024 _____ () C:\Users\Michael\random.dat
2014-08-17 00:00 - 2014-09-09 16:22 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-17 00:00 - 2014-09-09 16:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

Files to move or delete:
====================
C:\Users\Michael\random.dat


Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 01:38

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Michael at 2014-09-16 16:27:28
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: - )
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3143051783-713228559-3831284264-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3143051783-713228559-3831284264-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

09-09-2014 19:28:23 Windows Update
09-09-2014 20:15:24 Windows Update
14-09-2014 08:25:53 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
14-09-2014 23:51:24 Windows Backup
16-09-2014 19:35:50 Windows Update
16-09-2014 20:09:10 Checkpoint by HitmanPro
16-09-2014 20:09:55 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08913C69-ED9E-42F4-95C8-B9F3ED7D56A9} - \DK No Task File <==== ATTENTION
Task: {0BFE5B7B-8D48-4446-BD9C-2BB525615C9B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001Core => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {17A4D74F-AB26-4C1D-9165-E1DFB1D0874A} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Program Files (x86)\Spybot - Search &amp; Destroy\SpybotSD.exe
Task: {1C2A6B8B-5897-47A0-A312-7689979BD31B} - System32\Tasks\Microsoft\Windows\Maintenance\Idle-#-Crawler Update => %LOCALAPPDATA%\Idle-#-Crawler\Idle-#-Crawler.exe <==== ATTENTION
Task: {1D96F588-3929-4D55-925B-4A2FEEB717F6} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {2214D267-E0A1-4635-9254-19C347AA3EE2} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {50A03A92-4BFF-47E0-880E-D587EC8AD2CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001Core => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {5631ACF1-62DC-4012-B958-ADAF24B8820A} - System32\Tasks\Idle-#-Crawler Runner => %LOCALAPPDATA%\Idle-#-Crawler\Idle-#-Crawler.exe <==== ATTENTION
Task: {6A4760F2-5653-42BF-8F2C-44E632598451} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {76DCC4ED-EF2B-4791-936D-C0F82A588E51} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {83AC082B-FBE7-4F13-8B3C-E3BCA464DCD9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8B99F94B-B4BD-488D-93FE-5B89F7993C57} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {8CBB8444-04C5-45D6-BD2E-D3B564038C35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001UA => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {8E630224-FA8E-42C6-961D-95DEA809C4C2} - \ATRBZ No Task File <==== ATTENTION
Task: {ADA6C2B8-959D-40B9-BF38-C713C1370E78} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B8B2C619-805E-40B0-A695-765E458F4391} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {BA1B1E21-3324-4774-A0F3-7AC9C5AF47DE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001UA => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {BB612811-367C-4F18-8658-E03F2E5772EB} - System32\Tasks\{7FC4B4F0-7063-4DB6-9DF7-116950564543} => C:\Users\Michael\AppData\Local\AOL\AIM\aim.exe
Task: {D2483B18-AF2B-4587-91D5-A560CE4C06DD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {DCF25137-0B1A-4EB4-B862-3028994B7826} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3143051783-713228559-3831284264-1001
Task: {FA7C3473-74CE-413E-A227-AD0FB22AED84} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ATRBZ.job => C:\Users\Michael\AppData\Roaming\ATRBZ.exe
Task: C:\windows\Tasks\DK.job => C:\Users\Michael\AppData\Roaming\DK.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001Core.job => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001UA.job => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001Core.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3143051783-713228559-3831284264-1001UA.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

==================== Loaded Modules (whitelisted) =============

2014-02-03 22:12 - 2014-02-03 22:12 - 00002560 _____ () C:\windows\runservice.exe
2014-05-31 23:37 - 2014-05-31 23:37 - 00075136 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2014-05-31 23:37 - 2014-05-31 23:37 - 00189248 _____ () C:\windows\SysWOW64\PnkBstrB.exe
2011-04-04 22:18 - 2011-04-04 22:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2014-09-09 14:45 - 2014-09-09 14:45 - 00133216 _____ () C:\Users\Michael\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exe
2011-06-10 00:09 - 2011-06-10 00:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-07-04 11:16 - 2014-07-04 11:16 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-16 15:29 - 2014-09-16 15:29 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091600\algo.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-03 22:12 - 2014-02-03 22:12 - 00048640 _____ () C:\windows\mmfs.dll
2013-06-01 22:27 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-06-01 22:27 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-06-01 22:27 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-06-01 22:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-06-01 22:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-07-04 11:16 - 2014-07-04 11:16 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-12 17:53 - 2014-09-12 17:54 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-09 14:46 - 2014-09-09 14:46 - 00104032 _____ () C:\Users\Michael\AppData\Local\Idle-#-Crawler\Modules\ManXec.dll
2014-09-09 14:46 - 2014-09-09 14:46 - 00074848 _____ () C:\Users\Michael\AppData\Local\Idle-#-Crawler\Modules\CmdProc.dll
2014-09-09 14:46 - 2014-09-09 14:46 - 00048224 _____ () C:\Users\Michael\AppData\Local\Idle-#-Crawler\Modules\PrfIns.dll
2014-09-09 14:47 - 2014-09-09 14:47 - 00056928 _____ () C:\Users\Michael\AppData\Local\Idle-#-Crawler\Modules\WbSes.dll
2014-09-09 14:47 - 2014-09-09 14:47 - 00146016 _____ () C:\Users\Michael\AppData\Local\Idle-#-Crawler\Modules\WdcMan.dll
2014-09-09 14:47 - 2014-09-09 14:47 - 00121952 _____ () C:\Users\Michael\AppData\Local\Idle-#-Crawler\Modules\WblSupp.dll
2014-09-09 14:46 - 2014-09-09 14:46 - 00111200 _____ () C:\Users\Michael\AppData\Local\Idle-#-Crawler\Modules\CmnUtls.dll
2014-09-10 17:07 - 2014-09-10 17:07 - 16825520 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-09-14 03:16 - 2014-07-21 05:38 - 00393728 _____ () C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-09-14 03:16 - 2014-07-21 05:38 - 00788480 _____ () C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\ffmpegsumo.dll
2014-09-14 03:16 - 2013-12-03 22:48 - 13586896 _____ () C:\Users\Michael\AppData\Local\Idle-#-Crawler\Chrome-bin\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2014 04:11:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000022CF0E0.72). hr = 0x80070005, Access is denied.
.

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000006ac,(null),0,REG_BINARY,0000000002AAE220.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {f037049b-5cb0-4dec-9c7c-1fafe13327eb}

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000410,(null),0,REG_BINARY,00000000015FDD40.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4ccc5e63-0710-42d7-b809-1934a8b07176}

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bf0,(null),0,REG_BINARY,0000000005D2E080.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {a6834662-2b66-47a2-90b4-e3517941a11a}

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b0,(null),0,REG_BINARY,0000000002E0F2C0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {8687be70-b4af-43d2-a2b4-ec9d967b2430}

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001a0,(null),0,REG_BINARY,0000000001C9E990.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {ff49f4b2-63d8-415d-82a0-f00dec8ab081}

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000410,(null),0,REG_BINARY,00000000015FDD40.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4ccc5e63-0710-42d7-b809-1934a8b07176}

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000006ac,(null),0,REG_BINARY,0000000002AAE220.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {f037049b-5cb0-4dec-9c7c-1fafe13327eb}


System errors:
=============
Error: (09/16/2014 04:12:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/16/2014 04:11:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

Error: (09/16/2014 04:11:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/16/2014 03:55:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/16/2014 03:54:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/16/2014 03:43:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/16/2014 03:41:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/16/2014 03:30:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/16/2014 03:29:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/16/2014 03:29:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:15:07 PM on 9/15/2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (09/16/2014 04:11:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002c8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000022CF0E0.72)0x80070005, Access is denied.

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000006ac,(null),0,REG_BINARY,0000000002AAE220.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {f037049b-5cb0-4dec-9c7c-1fafe13327eb}

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000410,(null),0,REG_BINARY,00000000015FDD40.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4ccc5e63-0710-42d7-b809-1934a8b07176}

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bf0,(null),0,REG_BINARY,0000000005D2E080.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {a6834662-2b66-47a2-90b4-e3517941a11a}

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001b0,(null),0,REG_BINARY,0000000002E0F2C0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {8687be70-b4af-43d2-a2b4-ec9d967b2430}

Error: (09/16/2014 04:10:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001a0,(null),0,REG_BINARY,0000000001C9E990.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {ff49f4b2-63d8-415d-82a0-f00dec8ab081}


==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 54%
Total physical RAM: 4043.86 MB
Available physical RAM: 1852.43 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 5488.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI106321W0B) (Fixed) (Total:282.96 GB) (Free:138.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 010ED62A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)

==================== End Of Log ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:34 PM

Posted 21 September 2014 - 06:56 AM

() C:\Users\Michael\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exe


Refer to this page.
http://www.shouldiremoveit.com/The-Idle-Crawler-Updater-118927-program.aspx
p.s.
The Idle-Crawler Updater has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.

I suggest you remove it as it may just be the cause of your problems with Chrome.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

In Windows 7 and 8, press [Windows Icon + R] and enter "notepad" in the box to open Notepad.

start

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SearchEngineOrder.1: Ask Search
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S4 LMIRfsClientNP; No ImagePath
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

end

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

====

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
====


How is the computer running now?

#3 nasdaq

Posted 26 September 2014 - 08:07 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



