
HDD runs constantly, suspecting iyogi is the problem



#1 Montana Mad Dog


Posted 07 December 2015 - 01:34 PM

I have a computer here that has a HDD that has constant activity. The user got taken in by iYogi and I removed what I could find, using the usual tools (MBAM, Adw, JRT, etc.).

Can you have a look at the FRST reports and let me know if there's some more cleanup I can perform?

 

Thanks.

 

========================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Bo (administrator) on BO-PC (07-12-2015 11:29:01)
Running from C:\Users\Bo\Downloads
Loaded Profiles: Bo (Available Profiles: Bo)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dell) C:\Program Files\Dell\Tech Concierge\srvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Dell, Inc.) C:\Program Files\Dell\Tech Concierge Backup\Dell-Backup-Svc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Dell) C:\Program Files\Dell\Tech Concierge\cust.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\SDC\SDiManage\IYogiMonitoringSvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files (x86)\SDC\SDiManage\Monitor.Event.Agent.exe
(Dell) C:\Program Files\Dell\Tech Concierge\capp.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell, Inc.) C:\Program Files\Dell\Tech Concierge Backup\DashUI.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Dell Backup Dashboard] => C:\Program Files\Dell\Tech Concierge Backup\DashUI.exe [3665904 2014-02-10] (Dell, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [957440 2011-11-03] ()
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1638495040-610978764-958578444-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1638495040-610978764-958578444-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1638495040-610978764-958578444-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1638495040-610978764-958578444-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1638495040-610978764-958578444-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1638495040-610978764-958578444-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1638495040-610978764-958578444-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1638495040-610978764-958578444-1001\...\Winlogon: [Shell] - <==== ATTENTION
HKU\S-1-5-21-1638495040-610978764-958578444-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [805888 2015-07-09] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2012-05-03]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2012-05-03]
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 216.129.224.49 216.220.30.1
Tcpip\..\Interfaces\{3ba40ee8-9f80-4f50-a08d-a9c100899ced}: [DhcpNameServer] 216.129.224.49 216.220.30.1
Tcpip\..\Interfaces\{420df6fc-aaa9-4d9b-93a7-8a830ead0826}: [DhcpNameServer] 216.129.224.49 216.220.30.1
Tcpip\..\Interfaces\{73f9d4f9-a2a4-4cf7-82b9-f7d8e41e7256}: [DhcpNameServer] 216.129.224.49 216.220.30.1
Tcpip\..\Interfaces\{c5b20ff1-a988-44af-a886-847dc39c326d}: [DhcpNameServer] 216.129.224.49 216.220.30.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1638495040-610978764-958578444-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-1638495040-610978764-958578444-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1638495040-610978764-958578444-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1638495040-610978764-958578444-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://search.myway.com/home/index.jhtml?p2=^UX^xdm423^S12539^us&ptb=A745BF35-E5A6-49D9-BA96-33378B08FE4E&si=49588_NEW-Directionsmaps&n=781B14CC
HKU\S-1-5-21-1638495040-610978764-958578444-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {88EEAD8C-68A2-45E1-A765-0344003CF0AE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {88EEAD8C-68A2-45E1-A765-0344003CF0AE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1638495040-610978764-958578444-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1638495040-610978764-958578444-1001 -> {1A5CF0AF-C81A-473E-8A72-C406C5B1D09A} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1638495040-610978764-958578444-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1638495040-610978764-958578444-1001 -> {88EEAD8C-68A2-45E1-A765-0344003CF0AE} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll [2013-10-15] (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-24] (Google Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-1638495040-610978764-958578444-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()

FireFox:
========
FF ProfilePath: C:\Users\Bo\AppData\Roaming\Mozilla\Firefox\Profiles\0w8ff1wo.default
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-04] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll [2013-10-15] (Nuance Communications Inc.)
FF Plugin HKU\S-1-5-21-1638495040-610978764-958578444-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Bo\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1638495040-610978764-958578444-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Bo\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Extension: Adblock Plus - C:\Users\Bo\AppData\Roaming\Mozilla\Firefox\Profiles\0w8ff1wo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-24]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15] [not signed]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Users\Bo\AppData\Local\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Users\Bo\AppData\Local\Google\Chrome\Application\43.0.2357.81\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bo\AppData\Local\Google\Chrome\Application\43.0.2357.81\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Bo\AppData\Roaming\Mozilla\plugins\npatgpc.dll => No File
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => No File
CHR Plugin: (Google Update) - C:\Users\Bo\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\Bo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Web) - C:\Users\Bo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki [2015-10-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-01]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Bo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-26]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]
StartMenuInternet: Google Chrome - C:\Users\Bo\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Tech Concierge; C:\Program Files\Dell\Tech Concierge\srvc.exe [107840 2014-02-17] (Dell)
R2 Dell-Backup-Svc; C:\Program Files\Dell\Tech Concierge Backup\Dell-Backup-Svc.exe [6955016 2014-02-10] (Dell, Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S4 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-08-02] (Dell Products, LP.) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-11-03] (Microsoft Corporation)
R2 SDiManage; C:\Program Files (x86)\SDC\SDiManage\IYogiMonitoringSvc.exe [25048 2012-09-05] ()
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-10-14] (WDC) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 mfenlfk; C:\Windows\system32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-09] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-09] (Microsoft Corporation)
S1 BdfNdisf; \??\E:\Windows\System32\DriverStore\FileRepository\netlwf.inf_amd64_neutral_97f843f0c52a2992\bdfndisf6.sys [X]
S1 bdfwfpf; \??\C:\Program Files (x86)\iYogi\TechGenie\bdfwfpf.sys [X]
U3 idsvc; no ImagePath
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-07 11:29 - 2015-12-07 11:29 - 00021330 _____ C:\Users\Bo\Downloads\FRST.txt
2015-12-07 11:28 - 2015-12-07 11:29 - 00000000 ____D C:\FRST
2015-12-07 11:28 - 2015-12-07 11:28 - 02369024 _____ (Farbar) C:\Users\Bo\Downloads\FRST64.exe
2015-12-07 11:27 - 2015-12-07 11:27 - 00307200 _____ (Secure By Design Inc.) C:\Users\Bo\Downloads\Ninite Air Classic Start Firefox Java 8 Installer.exe
2015-12-07 11:25 - 2015-12-07 11:25 - 06801752 _____ (Piriform Ltd) C:\Users\Bo\Downloads\ccsetup512.exe
2015-12-07 11:22 - 2015-12-07 11:22 - 00016148 _____ C:\WINDOWS\system32\BO-PC_Bo_HistoryPrediction.bin
2015-12-07 10:57 - 2015-12-07 10:57 - 00283032 _____ C:\WINDOWS\Minidump\120715-47359-01.dmp
2015-12-07 10:56 - 2015-12-07 10:56 - 538946145 _____ C:\WINDOWS\MEMORY.DMP
2015-11-24 20:23 - 2015-11-24 20:23 - 00002844 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-11-24 20:17 - 2015-11-24 20:20 - 00000806 _____ C:\WINDOWS\ntbtlog.txt
2015-11-24 20:09 - 2015-11-24 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-24 20:09 - 2015-11-24 20:09 - 00000000 ____D C:\Program Files\CCleaner
2015-11-24 19:47 - 2015-11-24 20:02 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-11-20 18:58 - 2015-11-20 18:58 - 00000000 ____D C:\Users\Bo\AppData\Local\CEF
2015-11-14 11:54 - 2015-11-14 11:54 - 00003258 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2015-11-14 11:14 - 2015-11-15 19:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-13 11:08 - 2015-11-13 11:08 - 00000000 ____D C:\Users\Default\AppData\Roaming\KODAK AiO Home Center822060086
2015-11-13 11:08 - 2015-11-13 11:08 - 00000000 ____D C:\Users\Default User\AppData\Roaming\KODAK AiO Home Center822060086
2015-11-13 09:54 - 2015-11-13 09:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\KODAK AiO Home Center1636583090
2015-11-13 09:54 - 2015-11-13 09:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\KODAK AiO Home Center1636583090
2015-11-12 11:02 - 2015-11-12 11:02 - 00004112 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-11-12 11:02 - 2015-11-12 11:02 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-11-12 11:02 - 2015-11-12 11:02 - 00003282 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-11-12 11:02 - 2015-11-12 11:02 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-11-12 11:02 - 2015-11-12 11:02 - 00000000 ____D C:\Program Files\Dell Support Center
2015-11-10 21:56 - 2015-11-04 22:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 21:56 - 2015-11-04 22:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 21:56 - 2015-11-04 22:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 21:56 - 2015-11-04 22:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 21:56 - 2015-11-04 22:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 21:56 - 2015-11-04 22:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 21:56 - 2015-11-04 22:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 21:56 - 2015-11-04 22:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 21:56 - 2015-11-04 21:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 21:56 - 2015-11-04 21:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 21:56 - 2015-11-04 21:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 21:56 - 2015-11-04 21:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 21:56 - 2015-11-04 21:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 21:56 - 2015-11-04 21:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 21:56 - 2015-11-04 21:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 21:56 - 2015-11-04 21:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 21:56 - 2015-11-04 21:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 21:56 - 2015-11-04 21:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 21:56 - 2015-11-04 21:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 21:56 - 2015-11-04 21:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 21:56 - 2015-11-04 21:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 21:56 - 2015-11-04 21:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 21:56 - 2015-11-04 21:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 21:56 - 2015-11-04 21:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 21:56 - 2015-11-04 21:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 21:56 - 2015-11-04 21:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 21:56 - 2015-11-04 21:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 21:56 - 2015-11-04 21:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 21:56 - 2015-11-04 21:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 21:56 - 2015-11-04 21:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 21:56 - 2015-11-04 21:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 21:56 - 2015-11-04 21:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 21:56 - 2015-11-04 21:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 21:56 - 2015-11-04 20:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 21:56 - 2015-11-04 20:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 21:56 - 2015-11-04 20:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 21:56 - 2015-11-04 20:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 21:56 - 2015-11-04 20:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 21:56 - 2015-11-04 20:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 21:56 - 2015-11-04 20:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 21:56 - 2015-11-04 20:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 21:56 - 2015-11-04 20:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 21:56 - 2015-11-04 20:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 21:56 - 2015-11-04 20:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 21:56 - 2015-11-04 20:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 21:56 - 2015-11-04 20:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 21:56 - 2015-11-04 20:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 21:56 - 2015-11-04 20:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 21:56 - 2015-11-04 20:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 21:56 - 2015-11-04 20:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 21:56 - 2015-11-04 20:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 21:56 - 2015-11-04 20:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 21:56 - 2015-11-04 20:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-07 11:29 - 2015-07-10 02:47 - 00000000 ____D C:\Windows
2015-12-07 11:26 - 2015-07-30 15:40 - 00000000 ____D C:\WINDOWS\INF
2015-12-07 11:25 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-07 11:23 - 2014-06-11 22:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-07 11:21 - 2015-11-03 16:38 - 00000000 ____D C:\Users\Bo
2015-12-07 11:16 - 2015-07-30 15:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-07 11:13 - 2015-11-03 17:29 - 00000000 ____D C:\Windows.old
2015-12-07 11:07 - 2012-04-16 16:28 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-12-07 11:03 - 2012-06-11 13:46 - 00000000 ____D C:\ProgramData\WebEx
2015-12-07 11:03 - 2012-05-24 18:59 - 00000000 ____D C:\Program Files (x86)\Nmap
2015-12-07 10:57 - 2015-11-04 11:55 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-07 10:57 - 2015-07-30 14:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-07 10:57 - 2015-07-30 14:49 - 00391096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-24 20:38 - 2012-05-24 18:35 - 00000000 ____D C:\Program Files (x86)\iYogi Support Dock
2015-11-24 20:21 - 2015-07-10 02:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-24 19:59 - 2015-07-17 17:25 - 00000000 ____D C:\Program Files (x86)\TechGenie
2015-11-24 19:51 - 2012-05-24 18:59 - 00000000 ____D C:\Program Files (x86)\iYogi
2015-11-24 10:21 - 2015-07-30 15:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-24 09:49 - 2012-04-16 16:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-23 12:40 - 2009-11-26 14:55 - 00000000 ____D C:\Users\Bo\Documents\Skyline Lodge
2015-11-15 19:02 - 2014-02-16 15:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-13 10:01 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-13 09:54 - 2015-11-03 16:34 - 00000000 ____D C:\ProgramData\Kodak
2015-11-13 09:54 - 2015-07-17 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2015-11-12 11:02 - 2012-04-16 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-11-11 03:30 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 22:24 - 2012-05-03 16:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-10 22:09 - 2014-09-24 12:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 22:09 - 2012-05-03 16:23 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 21:24 - 2015-11-03 16:37 - 01009666 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-09 11:41 - 2009-11-26 15:25 - 00000000 ____D C:\Users\Bo\Documents\Bo's personal

==================== Files in the root of some directories =======

2014-02-16 15:00 - 2014-04-11 08:33 - 0001555 _____ () C:\Users\Bo\AppData\Roaming\SAS7_000.DAT
2015-07-17 17:19 - 2015-07-17 17:19 - 0000236 _____ () C:\Users\Bo\AppData\Local\LaunchHomeCenter.log
2012-05-24 19:47 - 2012-08-08 15:18 - 0000000 _____ () C:\ProgramData\Drwtsn32.log~~Drwtsn32.log~~.txt
2013-07-12 15:01 - 2013-07-12 15:01 - 6773824 _____ (Dell                                                        ) C:\ProgramData\dtc-Setup-64bit-V2542.exe
2013-08-15 15:00 - 2013-08-15 15:00 - 6788760 _____ (Dell                                                        ) C:\ProgramData\dtc-Setup-64bit-V2543.exe
2013-10-23 15:00 - 2013-10-23 15:00 - 6870232 _____ (Dell                                                        ) C:\ProgramData\dtc-Setup-64bit-V2545.exe
2012-05-24 19:00 - 2012-05-24 19:00 - 0000099 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Files to move or delete:
====================
C:\ProgramData\dtc-Setup-64bit-V2542.exe
C:\ProgramData\dtc-Setup-64bit-V2543.exe
C:\ProgramData\dtc-Setup-64bit-V2545.exe


Some files in TEMP:
====================
C:\Users\Bo\AppData\Local\Temp\uninst000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-07 11:12

==================== End of FRST.txt ============================



#2 Jo*

Jo*

  • Malware Response Team

Posted 08 December 2015 - 12:16 PM



Hello Montana Mad Dog,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Montana Mad Dog


Posted 08 December 2015 - 12:25 PM

Thanks for the response Jo.  I'll complete the Security Check instructions and get back to you with the results.



#4 Jo*


Posted 08 December 2015 - 02:51 PM

Do you have problems with running Security Check?



#5 Jo*


Posted 10 December 2015 - 06:33 PM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.



#6 Jo*


Posted 13 December 2015 - 03:10 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





