Laptop as slow as molasses - could I have malware?


  • This topic is locked
28 replies to this topic

#1 tyl604


Posted 12 June 2015 - 04:53 PM

I recently installed another 2G of ram so I have 4G.  But the laptop is running so slowly that I am wondering what is going on.  After extensive help and tests via the "Could I have a Virus" section, no virus was found.  So Broni suggested that I post a new thread in the Windows forum.  After extensive work there Aura suggested that I go to the malware section and ask if I have malware, a trojan, etc. - then he wants me to come back to his Windows section.  Does anyone have an idea what could be causing my laptop to run so slowly?    

 

Appreciate your help.

 

Emachines laptop E627

4G Ram

160 G Hard drive with 53 G free

AMD Athlon 64 TF20 cpu

Running Windows 7

 

Here is the Frst.txt.  I did not get the addition.txt.  Also when I downloaded it, I only received a Run option; no option to save and then put the icon on the desktop.  

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Bleepingcomputer (administrator) on TYL604-PC on 12-06-2015 17:32:59
Running from C:\Users\Bleepingcomputer\Downloads
Loaded Profiles: Bleepingcomputer (Available Profiles: tyl604 & Bleepingcomputer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\n360.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(RealVNC Ltd.) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\MdRes.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-04-14] (CANON INC.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HP Lamp] => C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe [53248 2001-04-27] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Run: [zwohbrl] => regsvr32.exe /s "C:\Users\Bleepingcomputer\AppData\Local\Windows Live\zwohbrl.dll" <===== ATTENTION
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Run: [GoogleChromeAutoLaunch_A1F35B68CE3412899874ED07FE9322EB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1905032 2015-04-28] (TomTom)
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\MountPoints2: F - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\MountPoints2: {77302512-90d2-11e1-b456-002622864709} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\MountPoints2: {77302557-90d2-11e1-b456-002622864709} - F:\VZAccess_Manager.exe /z detect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011-05-05] ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-214847889-3071151494-2151588813-1003 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-214847889-3071151494-2151588813-1003 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-214847889-3071151494-2151588813-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-05] (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-02-17] (RealPlayer)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: HKLM-x32 {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} https://www.mesh.com/0.9.4014.21/TSWeb.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: ipp - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-05] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-22] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-02-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-02-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-02-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-02-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-02-17] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF HKLM-x32\...\Firefox\Extensions: [i0ffxtbr@IObitBar.com] - C:\Program Files (x86)\IObitBar\toolbar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-02-17]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-06-09]
 
Chrome: 
=======
CHR Profile: C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-23]
CHR Extension: (Google Docs) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-23]
CHR Extension: (Google Drive) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-23]
CHR Extension: (Rapport) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-05-11]
CHR Extension: (YouTube) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-23]
CHR Extension: (Google Cast) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-05-27]
CHR Extension: (Google Search) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-23]
CHR Extension: (Google Sheets) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-23]
CHR Extension: (Bookmark Manager) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27]
CHR Extension: (Norton Identity Safe) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-03-23]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-03-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Norton Safe) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-03-23]
CHR Extension: (Google Wallet) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-23]
CHR Extension: (Gmail) - C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-07]
CHR HKU\S-1-5-21-214847889-3071151494-2151588813-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-02-17]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 DCMessages; C:\Windows\System32\DCMessages.exe [124808 2009-11-24] (Global Graphics Software Ltd)
R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe [265000 2015-03-26] (Symantec Corporation)
R2 NitroReaderDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [341296 2010-06-07] (Nitro PDF Software)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-05-28] (IBM Corp.)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
S2 IObitBarService; C:\PROGRA~2\IObitBar\toolbar\1.bin\i0barsvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl564.sys [2957312 2009-08-25] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150612.001\IDSvia64.sys [684248 2015-05-29] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150612.004\ENG64.SYS [129752 2015-06-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150612.004\EX64.SYS [2137304 2015-06-09] (Symantec Corporation)
S3 NWUSBModem_001; C:\Windows\System32\DRIVERS\nwusbmdm_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 NWUSBPort2_001; C:\Windows\System32\DRIVERS\nwusbser2_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 NWUSBPort_001; C:\Windows\System32\DRIVERS\nwusbser_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 nwvzwmbnet_001; C:\Windows\System32\DRIVERS\nwvzwmbnet_001.sys [334848 2012-05-03] (Novatel Wireless Inc.)
S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
R1 RapportCerberus_1412108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412108.sys [910872 2015-06-03] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [484088 2015-05-28] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [121208 2015-05-28] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [375128 2015-05-28] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [479320 2015-05-28] (IBM Corp.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-12 17:26 - 2015-06-12 17:26 - 02108928 _____ (Farbar) C:\Users\Bleepingcomputer\Downloads\FRST64.exe
2015-06-12 12:12 - 2015-06-12 12:12 - 07095656 _____ C:\Users\Bleepingcomputer\Desktop\TYL604-PC.arn
2015-06-12 12:04 - 2015-06-12 12:04 - 00593693 _____ C:\Users\Bleepingcomputer\Downloads\Autoruns (1).zip
2015-06-11 21:14 - 2015-06-11 21:14 - 00403456 _____ (Farbar) C:\Users\Bleepingcomputer\Downloads\MiniToolBox (4).exe
2015-06-10 22:21 - 2015-06-10 22:30 - 00000000 ____D C:\Users\Bleepingcomputer\Downloads\regscanner
2015-06-10 22:21 - 2015-06-10 22:21 - 00061714 _____ C:\Users\Bleepingcomputer\Downloads\regscanner.zip
2015-06-09 21:42 - 2015-06-09 22:42 - 00000000 ____D C:\ProgramData\BSD
2015-06-09 21:36 - 2015-06-12 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2015-06-09 21:36 - 2015-06-12 17:14 - 00000000 ____D C:\Program Files (x86)\TweakBit
2015-06-09 21:36 - 2015-06-09 21:40 - 00000000 ____D C:\ProgramData\TweakBit
2015-06-09 21:34 - 2015-06-09 21:34 - 00151240 _____ (TweakBit) C:\Users\Bleepingcomputer\Downloads\pc-speed-up-setup.exe
2015-06-09 19:34 - 2015-06-09 19:34 - 00000000 ____D C:\Users\Bleepingcomputer\AppData\Local\SecTaskMan
2015-06-09 19:34 - 2015-06-09 19:34 - 00000000 ____D C:\ProgramData\SecTaskMan
2015-06-09 15:42 - 2015-06-09 15:43 - 23308160 _____ (TomTom International B.V.) C:\Users\Bleepingcomputer\Downloads\InstallMyDriveConnect (1).exe
2015-06-09 14:12 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 14:12 - 2015-05-08 23:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-09 14:12 - 2015-05-08 23:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-09 14:12 - 2015-05-08 23:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-09 14:12 - 2015-05-08 23:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-09 14:12 - 2015-05-08 23:26 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-09 14:12 - 2015-05-08 23:26 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-09 14:12 - 2015-05-08 23:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-09 14:12 - 2015-05-08 23:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-09 14:12 - 2015-05-08 23:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-09 14:12 - 2015-05-08 23:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-09 14:12 - 2015-05-08 23:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 14:12 - 2015-05-08 23:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 14:12 - 2015-05-08 23:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 14:12 - 2015-05-08 23:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 13:32 - 2015-06-09 13:32 - 00347816 _____ (Microsoft Corporation) C:\Users\Bleepingcomputer\Downloads\MicrosoftFixit.wu.Run.exe
2015-06-09 13:31 - 2015-06-09 13:31 - 02288520 _____ (Seven Servos Software Pvt Ltd. ) C:\Users\Bleepingcomputer\Downloads\TechUtilities (2).exe
2015-06-09 13:29 - 2015-06-09 13:29 - 02288520 _____ (Seven Servos Software Pvt Ltd. ) C:\Users\Bleepingcomputer\Downloads\TechUtilities (1).exe
2015-06-09 11:45 - 2015-06-11 08:40 - 00000454 _____ C:\Windows\Tasks\TechUtilities.job
2015-06-09 11:45 - 2015-06-09 11:45 - 00003208 _____ C:\Windows\System32\Tasks\TechUtilities
2015-06-09 11:45 - 2015-06-09 11:45 - 00000000 ____D C:\ProgramData\TechUtilities64
2015-06-09 11:43 - 2015-06-09 11:43 - 02288520 _____ (Seven Servos Software Pvt Ltd. ) C:\Users\Bleepingcomputer\Downloads\TechUtilities.exe
2015-06-09 11:21 - 2015-06-09 11:21 - 00302011 _____ C:\Users\Bleepingcomputer\Downloads\WindowsUpdateDiagnostic (2).diagcab
2015-06-09 11:20 - 2015-06-09 11:20 - 00302011 _____ C:\Users\Bleepingcomputer\Downloads\WindowsUpdateDiagnostic (1).diagcab
2015-06-09 11:11 - 2015-06-09 11:12 - 02442957 _____ C:\Users\Bleepingcomputer\Downloads\Windows6.1-KB3004394-v2-x64.msu
2015-06-08 19:05 - 2015-06-08 19:05 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2015-06-08 19:05 - 2015-06-08 19:05 - 00000000 ____D C:\Program Files (x86)\Belarc
2015-06-08 19:03 - 2015-06-08 19:03 - 03946096 _____ C:\Users\Bleepingcomputer\Downloads\advisorinstaller (1).exe
2015-06-08 19:02 - 2015-06-08 19:03 - 03946096 _____ C:\Users\Bleepingcomputer\Downloads\advisorinstaller.exe
2015-06-08 18:47 - 2015-06-08 18:47 - 00302011 _____ C:\Users\Bleepingcomputer\Downloads\WindowsUpdateDiagnostic.diagcab
2015-06-07 09:35 - 2015-06-07 09:35 - 00403456 _____ (Farbar) C:\Users\Bleepingcomputer\Downloads\MiniToolBox (3).exe
2015-06-07 09:34 - 2015-06-12 12:06 - 00000000 ____D C:\Users\Bleepingcomputer\Desktop\Bleeping June 7 15
2015-06-05 20:10 - 2015-06-05 20:05 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-06-05 20:01 - 2015-06-05 20:01 - 43189344 _____ (Oracle Corporation) C:\Users\Bleepingcomputer\Downloads\jre-8u45-windows-x64.exe
2015-06-05 20:00 - 2015-06-05 20:00 - 37328992 _____ (Oracle Corporation) C:\Users\Bleepingcomputer\Downloads\jre-8u45-windows-i586.exe
2015-06-04 22:59 - 2015-06-04 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-06-04 22:59 - 2015-06-04 22:59 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-06-04 22:55 - 2015-06-04 22:57 - 122080920 _____ (Sophos Limited) C:\Users\Bleepingcomputer\Downloads\Sophos Virus Removal Tool (2).exe
2015-06-04 22:42 - 2015-06-04 22:44 - 122080920 _____ (Sophos Limited) C:\Users\Bleepingcomputer\Downloads\Sophos Virus Removal Tool (1).exe
2015-06-04 22:36 - 2015-06-04 22:38 - 122080920 _____ (Sophos Limited) C:\Users\Bleepingcomputer\Downloads\Sophos Virus Removal Tool.exe
2015-06-04 22:09 - 2015-06-04 22:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-TYL604-PC-Windows-7-Home-Premium-(64-bit).dat
2015-06-04 22:05 - 2015-06-04 22:06 - 02942610 _____ (Thisisu) C:\Users\Bleepingcomputer\Downloads\JRT (1).exe
2015-06-04 21:20 - 2015-06-04 21:21 - 02231296 _____ C:\Users\Bleepingcomputer\Downloads\adwcleaner_4.206.exe
2015-06-04 21:09 - 2015-06-04 21:09 - 00448512 _____ (OldTimer Tools) C:\Users\Bleepingcomputer\Downloads\TFC (1).exe
2015-06-04 15:18 - 2015-06-09 14:52 - 00000224 _____ C:\Windows\setupact.log
2015-06-04 15:18 - 2015-06-04 15:18 - 00000000 _____ C:\Windows\setuperr.log
2015-06-04 09:59 - 2015-06-04 09:59 - 00403456 _____ (Farbar) C:\Users\Bleepingcomputer\Downloads\MiniToolBox (2).exe
2015-06-04 09:24 - 2015-06-04 09:24 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Bleepingcomputer\Downloads\rkill (1).exe
2015-06-03 23:50 - 2015-06-03 23:50 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Bleepingcomputer\Downloads\mbar-1.09.1.1004 (1).exe
2015-06-03 23:48 - 2015-06-03 23:48 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Bleepingcomputer\Downloads\mbar-1.09.1.1004.exe
2015-06-03 23:45 - 2015-05-28 15:16 - 00121208 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2015-06-03 22:33 - 2015-06-03 22:33 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Bleepingcomputer\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-03 22:29 - 2015-06-03 22:29 - 00403456 _____ (Farbar) C:\Users\Bleepingcomputer\Downloads\MiniToolBox (1).exe
2015-06-03 22:27 - 2015-06-03 22:27 - 00415232 _____ (Farbar) C:\Users\Bleepingcomputer\Downloads\FSS (1).exe
2015-06-03 22:17 - 2015-06-03 22:18 - 00852639 _____ C:\Users\Bleepingcomputer\Downloads\SecurityCheck (1).exe
2015-06-03 22:12 - 2015-06-05 12:35 - 00000000 ____D C:\Users\Bleepingcomputer\Desktop\Bleeping Jun 3 15
2015-05-26 19:06 - 2015-05-26 19:07 - 23308160 _____ (TomTom International B.V.) C:\Users\Bleepingcomputer\Downloads\InstallMyDriveConnect.exe
2015-05-14 09:06 - 2015-05-14 09:07 - 00000000 ____D C:\1bea764760c0f4de6904d10b
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-12 17:33 - 2014-07-30 19:53 - 00000000 ____D C:\FRST
2015-06-12 17:32 - 2014-08-05 11:19 - 00026236 _____ C:\Users\Bleepingcomputer\Downloads\FRST.txt
2015-06-12 17:13 - 2015-03-23 12:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-12 17:06 - 2012-04-03 22:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-12 17:06 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-12 12:11 - 2015-03-23 12:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-11 21:15 - 2014-01-09 22:36 - 00013575 _____ C:\Users\Bleepingcomputer\Downloads\Result.txt
2015-06-11 08:55 - 2013-12-16 07:51 - 00336684 _____ C:\Windows\IE11_main.log
2015-06-11 08:55 - 2009-12-08 15:52 - 01681406 _____ C:\Windows\WindowsUpdate.log
2015-06-11 08:49 - 2009-07-13 22:34 - 00000598 _____ C:\Windows\win.ini
2015-06-09 19:27 - 2015-03-05 17:27 - 00000000 ____D C:\Users\Bleepingcomputer\Desktop\T&T
2015-06-09 19:07 - 2012-04-03 22:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-09 19:06 - 2012-04-03 22:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-09 19:06 - 2011-05-16 10:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 15:44 - 2013-12-30 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-06-09 15:44 - 2013-12-30 11:10 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2015-06-09 15:18 - 2011-06-02 16:50 - 00000000 ____D C:\Users\Bleepingcomputer\AppData\Roaming\Nitro PDF
2015-06-09 15:01 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 15:01 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 15:00 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-09 14:52 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-09 14:52 - 2009-07-14 00:45 - 00336312 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-09 14:44 - 2009-11-05 14:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-09 14:14 - 2013-08-02 07:25 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 14:14 - 2009-12-26 23:03 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 13:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-06-09 09:24 - 2015-05-12 19:59 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
2015-06-09 09:21 - 2010-11-23 10:08 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-09 09:03 - 2009-11-05 14:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-07 19:53 - 2013-01-04 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-06-07 15:16 - 2011-06-27 15:02 - 00000000 ____D C:\Users\Bleepingcomputer\AppData\Local\CrashDumps
2015-06-06 17:48 - 2011-07-04 13:19 - 00773494 _____ C:\Windows\PFRO.log
2015-06-05 20:11 - 2010-12-27 00:24 - 00000000 ____D C:\Program Files\Java
2015-06-05 20:04 - 2014-01-12 17:42 - 00000000 ____D C:\ProgramData\Oracle
2015-06-04 23:01 - 2014-08-05 11:36 - 00000000 ____D C:\ProgramData\Sophos
2015-06-04 21:31 - 2014-01-05 13:09 - 00000000 ____D C:\AdwCleaner
2015-06-04 15:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-04 09:18 - 2014-01-10 08:02 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-04 08:52 - 2014-01-10 08:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-03 23:54 - 2014-05-15 15:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 22:34 - 2014-05-15 15:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-03 22:28 - 2014-06-24 15:31 - 00002648 _____ C:\Users\Bleepingcomputer\Downloads\FSS.txt
2015-05-28 15:16 - 2014-03-09 08:17 - 00375128 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-05-19 08:56 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-15 09:08 - 2015-03-23 12:58 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 09:08 - 2015-03-23 12:57 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 09:00 - 2013-03-18 07:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-15 09:00 - 2013-03-18 07:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 08:40 - 2013-03-18 07:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 22:04 - 2011-05-17 10:01 - 00000000 ____D C:\Users\Bleepingcomputer\Desktop\Resumes
 
==================== Files in the root of some directories =======
 
2011-12-26 12:22 - 2014-12-03 10:58 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-05-24 20:16 - 2012-05-24 20:16 - 0000194 _____ () C:\Users\Bleepingcomputer\AppData\Roaming\wklnhst.dat
2013-01-13 23:58 - 2013-01-14 00:25 - 0130903 _____ () C:\Users\Bleepingcomputer\AppData\Local\ars.cache
2013-01-14 00:00 - 2013-01-14 00:25 - 0965127 _____ () C:\Users\Bleepingcomputer\AppData\Local\census.cache
2013-01-13 23:44 - 2013-01-13 23:44 - 0000036 _____ () C:\Users\Bleepingcomputer\AppData\Local\housecall.guid.cache
2013-02-06 10:22 - 2014-01-17 20:08 - 0007605 _____ () C:\Users\Bleepingcomputer\AppData\Local\Resmon.ResmonCfg
2011-09-17 17:41 - 2011-09-17 17:41 - 0000000 _____ () C:\Users\Bleepingcomputer\AppData\Local\{2F563359-B601-45C0-B5CB-BEF85FE791D2}
2012-11-01 21:26 - 2012-11-26 22:58 - 0001940 _____ () C:\Users\Bleepingcomputer\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2011-09-18 20:21 - 2011-09-18 20:21 - 0000000 _____ () C:\Users\Bleepingcomputer\AppData\Local\{E9E5E002-29D3-465F-BDFC-3F7DB3F75D26}
 
Some files in TEMP:
====================
C:\Users\Bleepingcomputer\AppData\Local\Temp\driver-updater-setup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-24 14:24
 
==================== End of log ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:09 AM

Posted 16 June 2015 - 08:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Run: [zwohbrl] => regsvr32.exe /s "C:\Users\Bleepingcomputer\AppData\Local\Windows Live\zwohbrl.dll" <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-214847889-3071151494-2151588813-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM-x32\...\Firefox\Extensions: [i0ffxtbr@IObitBar.com] - C:\Program Files (x86)\IObitBar\toolbar\1.bin
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-214847889-3071151494-2151588813-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S2 IObitBarService; C:\PROGRA~2\IObitBar\toolbar\1.bin\i0barsvc.exe [X]
C:\Users\Bleepingcomputer\AppData\Local\Windows Live\zwohbrl.dll
C:\Users\Bleepingcomputer\AppData\Local\Temp\driver-updater-setup.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 tyl604


Posted 17 June 2015 - 10:00 AM

It is below.  I will try out the computer for speed tonight.  Thanks for the help.  Also the other section suggested that I uninstall Rapport.exe.  I did that and now I see that it is back when I look at use of resources in Task Manager; however, I cannot find it to uninstall again in the Windows uninstall program.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Bleepingcomputer at 2015-06-17 10:50:09 Run:2
Running from C:\Users\Bleepingcomputer\Downloads
Loaded Profiles: Bleepingcomputer (Available Profiles: tyl604 & Bleepingcomputer)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Run: [zwohbrl] => regsvr32.exe /s "C:\Users\Bleepingcomputer\AppData\Local\Windows Live\zwohbrl.dll" <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-214847889-3071151494-2151588813-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM-x32\...\Firefox\Extensions: [i0ffxtbr@IObitBar.com] - C:\Program Files (x86)\IObitBar\toolbar\1.bin
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-214847889-3071151494-2151588813-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S2 IObitBarService; C:\PROGRA~2\IObitBar\toolbar\1.bin\i0barsvc.exe [X]
C:\Users\Bleepingcomputer\AppData\Local\Windows Live\zwohbrl.dll
C:\Users\Bleepingcomputer\AppData\Local\Temp\driver-updater-setup.exe
 
End
*****************
 
Processes closed successfully.
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\Software\Microsoft\Windows\CurrentVersion\Run\\zwohbrl => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-214847889-3071151494-2151588813-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-214847889-3071151494-2151588813-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}" => key removed successfully
"HKCR\CLSID\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} => value removed successfully
"HKCR\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}" => key removed successfully
"HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@lastpass.com/NPLastPass" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\i0ffxtbr@IObitBar.com => value removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKU\S-1-5-21-214847889-3071151494-2151588813-1003\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
IObitBarService => Service removed successfully
"C:\Users\Bleepingcomputer\AppData\Local\Windows Live\zwohbrl.dll" => File/Folder not found.
C:\Users\Bleepingcomputer\AppData\Local\Temp\driver-updater-setup.exe => moved successfully.
EmptyTemp: => 675.2 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 10:50:46 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:09 AM

Posted 17 June 2015 - 01:17 PM

Also the other section suggested that I uninstall Rapport.exe. I did that and now I see that it is back when I look at use of resources in Task Manager; however, I cannot find it to uninstall again in the Windows uninstall program.


I do not see any references to Rapport.exe on your topic.

Please post the addition.txt file that was created when you have executed the Farbar tool.

Will take it from there.

#5 tyl604


Posted 17 June 2015 - 03:27 PM

The addition.txt file never appeared.  I had some problem downloading the program and finally got it to run but never received the addition.txt file.

 

The Rapport.exe reference was in the Do I have a virus section.  They suggested I delete it and see if the laptop ran any quicker.  I deleted it but it still shows up taking CPU space per Task Manager.  I tried to delete it again with the Windows uninstall program but it does not appear there.

 

Just checked - I was working with the Windows 7 section - not the virus section -  when they made the suggestion to remove Rapport.  Cannot find Trusteer or Rapport but Rapport is still working per Task manager.  Seems like it is making me run slower.


Edited by tyl604, 17 June 2015 - 06:11 PM.


#6 nasdaq


Posted 18 June 2015 - 06:54 AM

How did you remove the Trusteer Rapport?

I still see these registry entries on your log.
 

R1 RapportCerberus_1412108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412108.sys [910872 2015-06-03] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [484088 2015-05-28] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [121208 2015-05-28] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [375128 2015-05-28] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [479320 2015-05-28] (IBM Corp.)


===

Your default browser is Chrome, let's set the default settings.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

====

If the problem persists run this tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

How is the computer running now?
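Added example, not part of nasdaq's post or of the thread: a small parser for the five FRST driver entries quoted in post #6, showing which Trusteer Rapport drivers are still loaded or set to load at startup after the reported uninstall. The reading of the prefix (R/S/U for state, then the Windows service Start value 0-4) is an assumption based on FRST's log legend; the function names are hypothetical.

```python
import re
from collections import namedtuple

# The five driver entries quoted in post #6, copied verbatim from the page.
FRST_DRIVER_LINES = r"""
R1 RapportCerberus_1412108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412108.sys [910872 2015-06-03] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [484088 2015-05-28] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [121208 2015-05-28] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [375128 2015-05-28] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [479320 2015-05-28] (IBM Corp.)
"""

# Assumed legend: state letter, then the service Start value from the registry.
STATES = {"R": "Running", "S": "Stopped", "U": "Undetermined"}
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

Driver = namedtuple("Driver", "state start name path size date company")

# <state><start> <name>; <path> [<size> <yyyy-mm-dd>] (<company>)
LINE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<company>.*)\)\s*$"
)


def parse_driver_line(line):
    """Return a Driver for one FRST driver entry, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Driver(
        state=STATES[m["state"]],
        start=START_TYPES[m["start"]],
        name=m["name"].strip(),
        path=m["path"],
        size=int(m["size"]),
        date=m["date"],
        company=m["company"],
    )


def parse_drivers(text):
    """Parse every matching line in a block of FRST output; skip everything else."""
    return [d for d in map(parse_driver_line, text.splitlines()) if d]


def still_active(drivers, product):
    """Names of drivers whose path mentions `product` and that are loaded now
    or will load again at startup without user action (Boot/System/Auto)."""
    needle = product.lower()
    return [
        d.name
        for d in drivers
        if needle in d.path.lower()
        and (d.state == "Running" or d.start in ("Boot", "System", "Auto"))
    ]


if __name__ == "__main__":
    drivers = parse_drivers(FRST_DRIVER_LINES)
    for d in drivers:
        print(f"{d.name:26} {d.state:8} start={d.start:7} {d.date}  {d.company}")
    print("Still active:", ", ".join(still_active(drivers, "Rapport")))
```

Four of the five entries come back as running, which matches the process still appearing in Task Manager even though the product no longer shows in the Windows uninstall list.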

#7 tyl604


Posted 18 June 2015 - 11:37 AM

I have been using the laptop most of the night and I do believe that it is running a bit faster now.  Need some more time to be sure.

 

Results:

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Bleepingcomputer on Thu 06/18/2015 at 10:04:21.38.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bleepingcomputer\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
6/18/2015 10:08:39 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Amazon deleted successfully
C:\PROGRA~2\Global Graphics deleted successfully
C:\PROGRA~2\Java deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\TweakBit deleted successfully
C:\PROGRA~2\Yahoo! deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\Symantec deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Bleepingcomputer\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\tyl604\AppData\Roaming\AdobeUM deleted successfully
C:\Users\tyl604\AppData\Roaming\Astroburn Lite deleted successfully
C:\Users\tyl604\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1 deleted successfully
C:\Users\tyl604\AppData\Roaming\Secunia CSI deleted successfully
C:\Users\Bleepingcomputer\AppData\Local\SecTaskMan deleted successfully
C:\Users\tyl604\AppData\Local\Safe mirror deleted successfully
C:\Users\tyl604\AppData\Local\Secunia PSI deleted successfully
C:\Users\tyl604\AppData\Local\{5E9270C5-8180-4309-A32D-36146E902C80} deleted successfully
C:\Users\tyl604\AppData\Local\{AD1CC380-80D7-400C-AE21-3844DE589487} deleted successfully
C:\Users\tyl604\AppData\Local\{CFE3977F-E385-4715-8857-005F99498358} deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Amazon not found
C:\PROGRA~2\Global Graphics not found
C:\PROGRA~2\Java not found
C:\PROGRA~2\TweakBit not found
C:\PROGRA~2\Yahoo! not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\Users\tyl604\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\BSD deleted
C:\Users\tyl604\AppData\Local\Price Check by AOL deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenSavers deleted
C:\Users\tyl604\AppData\LocalLow\IObitBar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Bleepingcomputer\AppData\Local\{2F563359-B601-45C0-B5CB-BEF85FE791D2}" deleted
"C:\Users\Bleepingcomputer\AppData\Local\{E9E5E002-29D3-465F-BDFC-3F7DB3F75D26}" deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [06/17/2015 10:53 AM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\BLEEPI~1\AppData\Roaming\TomTom\HOME\Profiles\us4p4en0.default
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.124
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[02/17/2012 10:06 PM]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx[03/05/2015 04:45 AM]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]
 
Google Cast - Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Norton Identity Safe - Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
RealPlayer HTML5Video Downloader Extension - Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Chrome Hotword Shared Module - Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Norton Safe Search as default for Chrome - Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl
 
==== Chromium Startpages ======================
 
C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.aol.com/"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.aol.com/"
"Old Start Page"="http://www.aol.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google  Url="https://www.google.com/search?q={searchTerms}"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-214847889-3071151494-2151588813-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} deleted successfully
HKEY_USERS\S-1-5-21-214847889-3071151494-2151588813-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bleepingcomputer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Bleepingcomputer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=35 folders=15 130245 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Bleepingcomputer\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\tyl604\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\BLEEPI~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Thu 06/18/2015 at 12:30:30.64 ======================

Edited by tyl604, 18 June 2015 - 08:48 PM.


#8 nasdaq


Posted 19 June 2015 - 07:46 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 tyl604


Posted 21 June 2015 - 08:46 AM

Well, it still is extremely slow.  I am not seeing Rapport anymore (not sure why) but it just took three minutes for AOL to open in Chrome.  Not sure what to do now.  For example should I change the Start settings so that Adobe does not open up and run all the time in the background?  Could things like that make this laptop so slow?   



#10 nasdaq


Posted 21 June 2015 - 11:04 AM

Try this.

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/


<<<>>>

#11 tyl604


Posted 21 June 2015 - 05:51 PM

Well, I saved the bookmarks.  But unable to uninstall because it keeps thinking I have a Chrome window open.   Have tried several times and it tells me to "close all Chrome windows and try again"  but I cannot see that I have anything open at all - verified by looking at Task Manager which shows no applications open.   Not sure what to do.  I will try Revouninstaller and see if it can remove Chrome.



#12 nasdaq


Posted 22 June 2015 - 07:08 AM

Download and run this tool from Chrome.
Software removal tool
https://www.google.com/chrome/srt/

===

If that fails, try this: download and run the tool.

http://www.bleepingcomputer.com/download/revo-uninstaller/

See if you can remove Chrome completely.

#13 tyl604


Posted 22 June 2015 - 08:11 AM

I downloaded first program and ran it; it did not find any program that interfered with Chrome.  Then I downloaded Revouninstaller and removed Chrome.  It looks like Chrome is gone although I still have a Chromecast icon on the desktop.  I looked in the Windows uninstall program for Chrome and it is no longer there.  And I restarted the laptop per Revouninstaller so all the remaining Chrome items would be deleted.

 

So it looks like Chrome is gone.  I had earlier downloaded a program to install 64bit Chrome so I will find it and install Chrome again.  When I (perhaps imperfectly) uninstalled Chrome a day or so ago and then reinstalled it, I found that all my bookmarks were still there.  So I am not sure that Chrome was completely uninstalled that time.  This time I will be interested to see if the bookmarks appear again magically when I reinstall Chrome.  I  saved the bookmarks as suggested as a HTML file but I would assume that it is necessary to access this file and send it back to Chrome for the bookmarks to come back.   If the bookmarks are still there today with nothing done with the HTML file, I will question again whether I properly uninstalled Chrome this time.

 

Trying now.



#14 tyl604


Posted 22 June 2015 - 08:15 AM

Well, I dunno.  I reinstalled Chrome and it magically remembered all the places I had visited and the bookmarks were there.  Not sure whether I did it correctly but I will try the laptop later to see if it runs any faster.



#15 tyl604


Posted 24 June 2015 - 09:45 AM

Does not seem to be running faster.  Any suggestions about what to do now?

 

Thanks for your help.





