
computer crashing frequently, internet intermittent, programs sometimes fail


  • This topic is locked
13 replies to this topic

#1 morning_wonder


Posted 07 August 2015 - 09:22 PM

My computer has been crashing frequently for some time (weeks; months?). Whenever I do a virus scan, it almost inevitably crashes. I get the "blue screen" sometimes with various virus-sounding attributions. After a recent crash, a new screen appeared saying one of my discs was corrupted, but I started Windows normally. Today, there has been a yellow triangle with a (!) symbol in my system tray that says such-and-such.exe is not working and to run a dskchk on "volume C:". Please help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-08-2015
Ran by Miranda (administrator) on MIRANDA-PC (07-08-2015 19:10:07)
Running from C:\Users\Miranda\Downloads
Loaded Profiles: Miranda (Available Profiles: Miranda)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Giraffic) C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Veoh Networks) C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Crossrider) C:\Program Files\CrossriderWebApps\Crossrider.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Miranda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Users\Miranda\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Miranda\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Miranda\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
(Google Inc.) C:\Users\Miranda\AppData\Local\Google\Chrome\Application\chrome.exe
(Giraffic) C:\Program Files\Giraffic\Veoh_Giraffic.exe
(Google Inc.) C:\Users\Miranda\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Miranda\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Miranda\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Miranda\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Miranda\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Miranda\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [VAIOSurvey] => C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe [385024 2008-07-25] ()
HKLM\...\Run: [VAIOMyMemCenter] => C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe [679936 2008-02-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-09] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6295552 2008-07-02] (Realtek Semiconductor)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-29] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [304952 2014-09-19] (Visicom Media Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll",DllRegisterServer
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2008-07-15] (Sony Corporation)
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\...\Run: [VeohPlugin] => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [4686848 2013-03-24] (Veoh Networks)
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\...\Run: [Google Update] => C:\Users\Miranda\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\...\Run: [CrossRiderPlugin] => C:\Program Files\CrossriderWebApps\Crossrider.exe [478720 2011-05-15] (Crossrider)
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-26] (Google Inc.)
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\...\Run: [uTorrent] => C:\Users\Miranda\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-03] (BitTorrent Inc.)
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\...\Run: [Dropbox Update] => C:\Users\Miranda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-18\...\RunOnce: [panda2_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda2_0dn_XP] => reg.exe delete "HKCU\Software\panda2_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_DATA_FOLDER] => cmd.exe /c rmdir "C:\ProgramData\Panda Security URL Filtering" /s /q
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Windows\system32\config\systemprofile\AppData\Local\panda4_1dn" /s /q
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AOLDDI.LNK [2011-03-06]
ShortcutTarget: AOLDDI.LNK -> C:\DDI\AOLICON.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-03-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Miranda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\Miranda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Miranda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2015-07-02]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Miranda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-04-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Miranda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-03-15]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miranda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miranda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miranda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Panda Malware Icon] -> {F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL No File
ShellIconOverlayIdentifiers: [Panda Suspect Icon] -> {9AE343CB-BA45-4618-AF6A-0230EE6FC793} => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL No File
GroupPolicyScripts: Group Policy detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sonystyle.ca/vaio
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2653012&UP=SPFCDD0007-394E-484B-9D34-ABA86AAE8983
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sonystyle.ca/vaio
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
URLSearchHook: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 - (No Name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} -  No File
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
SearchScopes: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFCDD0007-394E-484B-9D34-ABA86AAE8983&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFCDD0007-394E-484B-9D34-ABA86AAE8983&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 -> {1A26BD34-FEF6-44CF-8C9F-B935A8447CF1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
SearchScopes: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=616163&p={searchTerms}
BHO: 2YourFace Addon -> {1185823F-F22F-4027-80E5-4F68ACD5DE5E} -> C:\Program Files\2YourFace\bho.dll No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: CrossRider -> {A876E312-7D08-401a-B7A6-FAFC5DC2F292} -> C:\Program Files\CrossriderWebApps\Crossrider.dll [2011-05-15] ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-14] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2015-02-10] ()
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2015-02-10] ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-14] (Google Inc.)
Toolbar: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-14] (Google Inc.)
Toolbar: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 -> No Name - {CD90BF73-20F6-44EF-993D-BB920303BD2E} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11E1DB5D-DE42-45C8-8357-8BD25100C0C0}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Messenger Plus Live CA-EN Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT2535290&SearchSource=13
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=616163&ilc=12&p=
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=616163&ilc=12&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1478632700-464051546-2103095695-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Miranda\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1478632700-464051546-2103095695-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Miranda\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF user.js: detected! => C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\user.js [2009-01-24]
FF SearchPlugin: C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\searchplugins\conduit.xml [2010-04-01]
FF Extension: No Name - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2011-08-13]
FF Extension: 2YourFace - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\profiles\extensions\support@2yourface.com [2011-08-13]
FF Extension: ActiveGS - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\activegs@freetoolsassociation.com [2010-09-26]
FF Extension: Conduit Engine  - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\engine@conduit.com [2010-12-30]
FF Extension: Veoh Video Compass - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\searchrecs@veoh.com [2010-09-26]
FF Extension: 2YourFace - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\support@2yourface.com [2011-08-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-09-26]
FF Extension: Messenger Plus Live CA-EN Toolbar - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\{437c4386-9237-441f-a940-009430030ee0} [2010-09-26]
FF Extension: No Name - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [2014-10-19]
FF Extension: uTorrentBar Community Toolbar - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2010-12-30]
FF Extension: Adblock Plus - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-09-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-28]
FF HKLM\...\Firefox\Extensions: [ShopperReports@ShopperReports.com] - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
FF Extension: ShopperReports - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2010-11-15]
FF HKLM\...\Firefox\Extensions: [crossriderapp435@crossrider.com] - C:\ProgramData\CodecCheck\firefox
FF Extension: Premiumplay Codec-C - C:\ProgramData\CodecCheck\firefox [2011-08-13]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-10]
FF Extension: No Name - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [not found]
FF Extension: No Name - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Veoh Web Player) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe [2015-08-05]
CHR Extension: (Premiumplay Codec-C) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2011-08-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2010-12-15]
CHR HKLM\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Miranda\AppData\Local\CRE\fealnpfjifonchkodiffbdkfaipmpkhe.crx [2012-06-11]
CHR HKLM\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\ProgramData\CodecCheck\chrome\codec_check.crx [2011-08-13]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx <not found>
CHR HKLM\...\Chrome\Extension: [lmblfngognklgemafekefcdjcnkdhmdm] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKU\S-1-5-21-1478632700-464051546-2103095695-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Miranda\AppData\Local\CRE\fealnpfjifonchkodiffbdkfaipmpkhe.crx [2012-06-11]
StartMenuInternet: Google Chrome - C:\Users\Miranda\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [815104 2008-04-30] (Intel® Corporation) [File not signed]
R2 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-04-30] (Intel® Corporation) [File not signed]
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-19] (Sony Corporation)
R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-11] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-30] (ArcSoft, Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [86800 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202128 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109584 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [126480 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [41744 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99856 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61712 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120592 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281232 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [205456 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108432 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [239888 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94864 2015-02-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [140048 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100624 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-07 19:10 - 2015-08-07 19:11 - 00036059 _____ C:\Users\Miranda\Downloads\FRST.txt
2015-08-07 19:09 - 2015-08-07 19:10 - 00000000 ____D C:\FRST
2015-08-07 19:08 - 2015-08-07 19:09 - 01673728 _____ (Farbar) C:\Users\Miranda\Downloads\FRST.exe
2015-08-06 18:23 - 2015-08-06 18:26 - 00000000 ____D C:\Users\Miranda\Downloads\Orange.Is.The.New.Black.S03.Season.3.720p.5.1Ch.WebRip.ReEnc-DeeJayAhmed
2015-08-06 07:15 - 2015-08-06 07:15 - 00146512 _____ C:\Windows\Minidump\Mini080615-01.dmp
2015-08-05 20:52 - 2015-08-05 20:52 - 00000000 ____D C:\Users\Miranda\AppData\Local\CEF
2015-08-05 20:45 - 2015-01-29 10:21 - 00050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-08-05 20:16 - 2015-08-05 20:16 - 00146512 _____ C:\Windows\Minidump\Mini080515-01.dmp
2015-07-31 13:11 - 2015-07-31 13:11 - 00142400 _____ C:\Windows\Minidump\Mini073115-01.dmp
2015-07-31 11:50 - 2015-07-31 11:50 - 00000000 ____D C:\Users\Miranda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-31 11:50 - 2015-07-31 11:50 - 00000000 ____D C:\Users\Miranda\AppData\Local\{78D7476F-05B5-4F48-ABA4-24759CBA9082}
2015-07-24 16:35 - 2015-07-24 16:35 - 01268224 _____ C:\Users\Miranda\Documents\stanley july 2015.pub
2015-07-24 16:05 - 2015-07-24 16:05 - 00020902 _____ C:\Users\Miranda\Downloads\greeting_card.ott
2015-07-24 15:21 - 2015-07-31 12:04 - 00000000 ____D C:\Users\Miranda\Documents\TCS
2015-07-08 20:07 - 2015-07-08 20:22 - 285494305 _____ C:\Users\Miranda\Downloads\WedPics.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-07 19:08 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-07 19:08 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-07 18:58 - 2011-07-05 09:48 - 00000000 ____D C:\Program Files\Giraffic
2015-08-07 18:29 - 2015-06-20 06:51 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1478632700-464051546-2103095695-1000UA.job
2015-08-07 18:21 - 2010-11-30 23:20 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-07 18:21 - 2010-09-26 15:39 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1478632700-464051546-2103095695-1000UA.job
2015-08-07 18:17 - 2012-12-17 03:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-07 17:08 - 2010-09-26 14:20 - 01692430 _____ C:\Windows\WindowsUpdate.log
2015-08-07 17:05 - 2015-06-20 06:51 - 00000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1478632700-464051546-2103095695-1000Core.job
2015-08-07 16:58 - 2011-07-05 09:48 - 00000000 ____D C:\ProgramData\Giraffic
2015-08-07 06:42 - 2010-11-30 23:19 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-07 06:37 - 2010-09-26 15:39 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1478632700-464051546-2103095695-1000Core.job
2015-08-07 06:33 - 2010-10-16 18:19 - 00000000 ____D C:\Users\Miranda\AppData\Roaming\vlc
2015-08-06 20:09 - 2014-01-31 08:51 - 00000000 ____D C:\Users\Miranda\AppData\Local\panda4_1dn
2015-08-06 19:16 - 2010-09-26 17:31 - 00000000 ____D C:\Users\Miranda\AppData\Roaming\uTorrent
2015-08-06 18:20 - 2015-01-08 19:59 - 00000000 ____D C:\Program Files\Steam
2015-08-06 07:22 - 2011-02-15 09:30 - 00000000 ___RD C:\Users\Miranda\Dropbox
2015-08-06 07:22 - 2011-02-15 09:17 - 00000000 ____D C:\Users\Miranda\AppData\Roaming\Dropbox
2015-08-06 07:15 - 2010-10-07 07:57 - 00000000 ____D C:\Windows\Minidump
2015-08-06 07:15 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-06 07:14 - 2010-10-07 07:57 - 313927331 _____ C:\Windows\MEMORY.DMP
2015-08-06 06:47 - 2010-09-26 15:40 - 00002052 _____ C:\Users\Miranda\Desktop\Google Chrome.lnk
2015-08-05 21:08 - 2015-01-08 20:00 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-08-04 18:48 - 2006-11-02 06:01 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-14 19:29 - 2008-01-20 19:47 - 00211724 _____ C:\Windows\PFRO.log
2015-07-14 17:33 - 2012-12-17 03:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-14 17:33 - 2011-05-15 15:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-08 17:00 - 2010-09-26 17:30 - 00000000 ____D C:\Users\Miranda\AppData\Roaming\HpUpdate
 
==================== Files in the root of some directories =======
 
2010-09-26 17:30 - 2010-07-26 18:37 - 0017105 _____ () C:\Users\Miranda\AppData\Roaming\UserTile.png
2010-09-26 17:30 - 2013-01-19 13:38 - 0020168 _____ () C:\Users\Miranda\AppData\Roaming\wklnhst.dat
2010-09-26 18:17 - 2009-08-17 13:15 - 0000552 _____ () C:\Users\Miranda\AppData\Local\d3d8caps.dat
2010-09-26 18:17 - 2014-02-17 04:21 - 0000680 _____ () C:\Users\Miranda\AppData\Local\d3d9caps.dat
2010-09-26 17:44 - 2015-04-13 17:54 - 0151552 _____ () C:\Users\Miranda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-02 19:49 - 2015-07-02 19:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-10-15 17:20 - 2014-12-14 12:43 - 0001288 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Miranda\AppData\Local\Temp\cci.exe
C:\Users\Miranda\AppData\Local\Temp\CloudAntivirus.exe
C:\Users\Miranda\AppData\Local\Temp\DivXSetup.exe
C:\Users\Miranda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsfsahv.dll
C:\Users\Miranda\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Miranda\AppData\Local\Temp\ffunzip.exe
C:\Users\Miranda\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Miranda\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Miranda\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Miranda\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Miranda\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Miranda\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Miranda\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Miranda\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Miranda\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Miranda\AppData\Local\Temp\stub.exe
C:\Users\Miranda\AppData\Local\Temp\utt5EC5.tmp.exe
C:\Users\Miranda\AppData\Local\Temp\uttB2BB.tmp.exe
C:\Users\Miranda\AppData\Local\Temp\uttBC2F.tmp.exe
C:\Users\Miranda\AppData\Local\Temp\uttBE7D.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-06 19:30
 
==================== End of log ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:33 AM

Posted 09 August 2015 - 08:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these processes in bold using the Add/Remove Programs applet.

Crossrider Web Apps (HKLM\...\Crossrider) (Version: - ) <==== ATTENTION
uTorrentBar Toolbar (HKLM\...\uTorrentBar Toolbar) (Version: 6.2.7.3 - uTorrentBar) <==== ATTENTION

===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AOLDDI.LNK [2011-03-06]
ShortcutTarget: AOLDDI.LNK -> C:\DDI\AOLICON.exe (No File)
ShellIconOverlayIdentifiers: [Panda Malware Icon] -> {F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL No File
ShellIconOverlayIdentifiers: [Panda Suspect Icon] -> {9AE343CB-BA45-4618-AF6A-0230EE6FC793} => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL No File
GroupPolicyScripts: Group Policy detected <======= ATTENTION
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2653012&UP=SPFCDD0007-394E-484B-9D34-ABA86AAE8983
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
HKU\S-1-5-21-1478632700-464051546-2103095695-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
URLSearchHook: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 - (No Name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} -  No File
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
SearchScopes: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFCDD0007-394E-484B-9D34-ABA86AAE8983&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFCDD0007-394E-484B-9D34-ABA86AAE8983&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 -> {1A26BD34-FEF6-44CF-8C9F-B935A8447CF1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
SearchScopes: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=616163&p={searchTerms}
BHO: 2YourFace Addon -> {1185823F-F22F-4027-80E5-4F68ACD5DE5E} -> C:\Program Files\2YourFace\bho.dll No File
BHO: CrossRider -> {A876E312-7D08-401a-B7A6-FAFC5DC2F292} -> C:\Program Files\CrossriderWebApps\Crossrider.dll [2011-05-15] ()
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Toolbar: HKU\S-1-5-21-1478632700-464051546-2103095695-1000 -> No Name - {CD90BF73-20F6-44EF-993D-BB920303BD2E} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}
FF Homepage: hxxp://search.conduit.com/?ctid=CT2535290&SearchSource=13
FF user.js: detected! => C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\user.js [2009-01-24]
FF SearchPlugin: C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\searchplugins\conduit.xml [2010-04-01]
FF Extension: 2YourFace - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\profiles\extensions\support@2yourface.com [2011-08-13]
FF Extension: Conduit Engine  - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\engine@conduit.com [2010-12-30]
FF Extension: Veoh Video Compass - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\searchrecs@veoh.com [2010-09-26]
FF Extension: 2YourFace - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\support@2yourface.com [2011-08-13]
FF Extension: No Name - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [2014-10-19]
FF Extension: uTorrentBar Community Toolbar - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2010-12-30]
FF HKLM\...\Firefox\Extensions: [ShopperReports@ShopperReports.com] - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
FF Extension: ShopperReports - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2010-11-15]
FF HKLM\...\Firefox\Extensions: [crossriderapp435@crossrider.com] - C:\ProgramData\CodecCheck\firefox
FF Extension: Premiumplay Codec-C - C:\ProgramData\CodecCheck\firefox [2011-08-13]
FF Extension: No Name - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [not found]
FF Extension: No Name - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (Veoh Web Player) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe [2015-08-05]
CHR Extension: (Premiumplay Codec-C) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2011-08-13]
CHR HKLM\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Miranda\AppData\Local\CRE\fealnpfjifonchkodiffbdkfaipmpkhe.crx [2012-06-11]
CHR HKLM\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\ProgramData\CodecCheck\chrome\codec_check.crx [2011-08-13]
CHR HKLM\...\Chrome\Extension: [lmblfngognklgemafekefcdjcnkdhmdm] - <no Path\update_url>
CHR HKU\S-1-5-21-1478632700-464051546-2103095695-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Miranda\AppData\Local\CRE\fealnpfjifonchkodiffbdkfaipmpkhe.crx [2012-06-11]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\support@2yourface.com
C:\ProgramData\CodecCheck
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\searchplugins\conduit.xml
C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\profiles\extensions\support@2yourface.com
C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\6ofjn9uw.default\Extensions\searchrecs@veoh.com
C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
C:\Users\Miranda\AppData\Local\CRE\fealnpfjifonchkodiffbdkfaipmpkhe.crx
C:\ProgramData\CodecCheck\chrome\codec_check.crx
C:\Users\Miranda\AppData\Local\CRE\fealnpfjifonchkodiffbdkfaipmpkhe.crx

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 morning_wonder


Posted 09 August 2015 - 05:43 PM

hi nasdaq. thank you for helping me. when i tried to uninstall the uTorrent Toolbar, at first i was asked to run UNWISE.EXE which sounded suspicious; upon my second attempt, a dialogue box titled "Wise Uninstall" said, "Could not open INSTALL.LOG file". also, after installing AdwCleaner and trying to open it, i got a dialogue box that said, "C:\Users\Miranda\Desktop\adwcleaner_4.208.exe is not a valid Win32 application". what should i do next? (please see attached for Fixlog.txt)



#4 nasdaq


Posted 10 August 2015 - 08:09 AM


Go to this page.
How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

Execute the instructions under this section

3. To Run chkdsk in a Elevated Command Prompt

Use the following command
Type: chkdsk /f or chkdsk C: /f

Make sure you have a space before the back slash /

===

Any improvement?

#5 morning_wonder


Posted 10 August 2015 - 07:43 PM

hi nasdaq. i tried both commands (see attachments). nothing different happened when windows restarted, just the usual startup. i'm not sure whether or not this is a good thing.



#6 nasdaq


Posted 11 August 2015 - 07:54 AM

Try this command. Make sure of a space before the / backslashes.

chkdsk C: /f /r /x

#7 morning_wonder


Posted 11 August 2015 - 07:45 PM

hello. so i tried that and this time it did go to a black screen that said something about checking the disk (or file?); the second line said something about NTFS; the third line said it could not open file for direct access; and the fourth line said that it was done checking. when it finished restarting, i didn't have a wireless connection even though the switch was turned on (as it's been doing). when i restarted again, the same black screen came back, and when it finished restarting i had wireless. see the attached file for the command i typed in for all this.



#8 nasdaq


Posted 12 August 2015 - 08:30 AM

Your Hard disk may be going bad or is protected.

You can try a few more switches as recommended here.

http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/cant-run-chkdsk-r/43ebe2e5-3ae6-451b-b5e7-032b1e657a6c?auth=1

Make sure you do the ones where NTFS is mentioned.

This may take a while.

You can decide to ask for help in the Hardware forum.
An expert in that field may be better able to help you than I can.

http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

I will leave this topic open for 6 days. If you need to return, please do.

#9 morning_wonder


Posted 12 August 2015 - 11:48 PM

hello. i'm actually going away tomorrow and won't be able to try these until tuesday, which is six days away from today. could you leave it open a bit longer so i can try your suggestions and get back to you? i really appreciate all your help, even if we haven't totally fixed it yet!



#10 nasdaq


Posted 13 August 2015 - 08:41 AM

Will be here.

#11 morning_wonder


Posted 21 August 2015 - 09:07 PM

hi nasdaq. i managed to try those switches where NTFS was mentioned. attached are the screenshots of my results. after /b, i restarted my computer, got the same message about "cannot open volume for direct access". when my computer restarted, i had no wireless even though the switch was on. i restarted again. do i need to get help in the hardware forum? what should i ask for?


#12 nasdaq


Posted 22 August 2015 - 08:50 AM


Start a new topic in the Internal Hardware forum.
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

Title: Problem running Chkdsk on a NTFS system.

The content should look like this.

When running Chkdsk on the hard disk, no matter which switch I used, I always get this message: cannot open volume for direct access

#13 morning_wonder


Posted 22 August 2015 - 12:53 PM

thank you for all your help, nasdaq. i will do that.



#14 nasdaq


Posted 28 August 2015 - 07:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



