
Thanks to Catbyte



I had already emailed Catbyte that I am plagued by adware that appears most of the times I click the link of a webpage. The internet also often slows or stops responding and I have to keep refreshing (F5).

I am attaching the FRST and Addition texts that were created after use of the Farbar Recovery Scan Tool.

An error message said: 'You aren't permitted to upload this kind of file'

This is the FRST.txt file. The other text file is OKAddition.txt

 

So what do I do please?


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by Eddie (administrator) on 15-07-2013 10:05:30
Running from C:\Users\Eddie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Mirics Semiconductor Ltd) C:\Windows\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(SourceTec Software Co., LTD) C:\Program Files (x86)\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Eddie\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-09-15] ()
HKLM\...\Run: [btbb_McciTrayApp] - "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2821808 2012-11-23] (Alcatel-Lucent)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [itype] - "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Web Video Downloader] - "C:\Program Files (x86)\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe" [5989752 2012-06-12] (SourceTec Software Co., LTD)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-09] (Google Inc.)
HKCU\...\Run: [Driver Manager] - C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false [3969400 2013-07-13] (PC Drivers Headquarters)
HKCU\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Remote Solution] - %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-25] (Hewlett-Packard)
HKLM-x32\...\Run: [bATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-04] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [TaskTray] -  [x]
HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-06-26] ()
HKLM-x32\...\Run: [brdefprn] - C:\Program Files (x86)\Brother\BRHL2035\Brdefprn.exe -d [45056 2009-07-08] ()
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
AppInit_DLLs:                  [0 ] ()
AppInit_DLLs-x32: c:\progra~3\browse~2\261339~1.144\{c16c1~1\browse~1.dll                   c:\progra~2\contin~1\sprote~1.dll [1050112 2013-01-24] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/news?ned=uk
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.a-searchpage.info/?pid=964&r=2013/06/07&hid=2948431811&lg=EN&cc=GB&unqvl=18
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: (No Name) - {739df940-c5ee-4bab-9d7e-270894ae687a} -  No File
HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5548756052104342&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5548756052104342&q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Desktops
HKLM-x32 SearchScopes: DefaultScope {FA13C156-AE0C-4973-B2C4-C31F5EFEAB4E} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5548756052104342&q={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=964&r=2013/06/07&hid=2948431811&lg=EN&cc=GB&unqvl=18
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=161100FF46595BDA&affID=122298&tt=250613_gr3&tsp=4925
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=STK&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=2DDB129A-779A-4866-9B3A-3DCC23BD3056&apn_sauid=CB2F2D22-9A0F-4140-9EB1-FD13558DCB64
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={FD4A0962-2C12-43DD-93CE-91C6B366C47C}&mid=adc1cf4d6c3b4fbc946ee4f2e7d30bd8-5cb72af4629e2b10274d2705caff7ce47fa7daed&lang=en&ds=hk011&pr=sa&d=2012-07-12 21:05:30&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5548756052104342&q={searchTerms}
SearchScopes: HKCU - {B5970CB1-CC0A-418B-8E45-86FCF3E6AB73} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=964&r=2013/06/07&hid=2948431811&lg=EN&cc=GB&unqvl=18
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {EA8AC88B-32EF-4AE9-A9ED-935FBDFBBE22} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKCU - {FA13C156-AE0C-4973-B2C4-C31F5EFEAB4E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN40978677702659229&UM=2&SSPV=TB_C5
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Cool Smiley Bar for Facebook - {4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} - C:\Program Files (x86)\Cool Smiley Bar for Facebook\ScriptHost.dll (Plus Winks)
BHO-x32: ccooNttinuetosave - {556DA3BF-D235-2B15-397C-698795A5F7BB} - C:\ProgramData\ccooNttinuetosave\51b222e5895d5.dll ()
BHO-x32: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
BHO-x32: SearchNewTab - {857F05BB-8F97-4670-2644-77ECE2911D89} - C:\ProgramData\SearchNewTab\51b222fc0c41a.dll ()
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: ccooNttinuetosave - {9956AF12-A4C0-5708-2D58-5400F4324DA0} - C:\ProgramData\ccooNttinuetosave\51b21e7d33323.dll ()
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: SoThink Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ccooNttinuetosave - {EDB81517-14B1-09FF-3408-78FB4AAA338D} - C:\ProgramData\ccooNttinuetosave\51b223515ef87.dll ()
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - SoThink Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {739DF940-C5EE-4BAB-9D7E-270894AE687A} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-03-16] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======


CHR Extension: (SearchNewTab) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\biogdpakigoblalpeidbcgdljeepjelf\1
CHR Extension: (YouTube) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Motive Extension) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0
CHR Extension: (ccooNttinuetosave) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcplhnlcpbbdcmcmeigceeimoadmolak\1
CHR Extension: (Sothink web video downloader chrome extension) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggpkaghlpmnpcmlcolhndoopcoipjeoe\1.0_0
CHR Extension: (SearchNewTab) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmhkndjhcaacmdgfbinnpnmdcbhilgb\1
CHR Extension: (ccooNttinuetosave) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajioafogdffknbipcdfdnlmdbcngmnk\1
CHR Extension: (ccooNttinuetosave) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmpoolimommkkjpelhohdhlclbcphap\1
CHR Extension: (Skype Click to Call) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0
CHR Extension: () - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog\1.0.0.3
CHR Extension: (AVG Secure Search) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0
CHR Extension: (Gmail) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 hcwD3bda_dvbt; C:\Windows\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe [2641920 2010-07-15] (Mirics Semiconductor Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-26] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
R3 hcwD3bda; C:\Windows\System32\DRIVERS\hcwD3bda64.sys [116352 2010-07-15] (Mirics)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-15 10:05 - 2013-07-15 10:05 - 00000000 ____D C:\FRST
2013-07-15 10:03 - 2013-07-15 10:04 - 01777839 _____ (Farbar) C:\Users\Eddie\Downloads\FRST64 (1).exe
2013-07-15 10:00 - 2013-07-15 10:02 - 01777839 _____ (Farbar) C:\Users\Eddie\Downloads\FRST64.exe
2013-07-15 09:52 - 2013-07-15 09:52 - 00000000 ____D C:\Users\Eddie\AppData\Local\{14D63556-E4B8-4D38-AFAA-5A31CC9212E6}
2013-07-15 09:50 - 2013-07-15 09:50 - 00000056 _____ C:\Windows\setupact.log
2013-07-15 09:50 - 2013-07-15 09:50 - 00000000 _____ C:\Windows\setuperr.log
2013-07-14 11:48 - 2013-07-14 11:48 - 00023775 _____ C:\Users\Eddie\Desktop\Jul13- Play piano today What keybd to buy.eml
2013-07-14 11:46 - 2013-07-14 11:46 - 00000000 ____D C:\Users\Eddie\AppData\Local\{A489745A-40A8-4A00-A64C-80AEEFF44CD3}
2013-07-13 16:38 - 2013-07-13 16:38 - 00000000 ____D C:\Users\Eddie\AppData\Local\{71CD9CC5-E12B-4ED9-AFC7-85AB0A9BA2F9}
2013-07-12 22:13 - 2013-07-12 22:14 - 00000000 ____D C:\Users\Eddie\AppData\Local\{8E9C702F-D023-483F-A5C3-AC55E37AE583}
2013-07-12 10:13 - 2013-07-12 10:13 - 00000000 ____D C:\Users\Eddie\AppData\Local\{ABBEB59E-B704-4E16-95BA-C4352C270703}
2013-07-11 22:08 - 2013-07-11 22:08 - 00000000 ____D C:\Users\Eddie\AppData\Local\{0E8074E6-EA46-48A3-B3CD-4920F08EF03B}
2013-07-11 17:44 - 2013-06-18 19:22 - 00009264 _____ C:\Users\Eddie\Downloads\A story - and some advice for Blender users._._eml
2013-07-11 11:32 - 2013-07-11 11:32 - 00068965 _____ C:\Users\Eddie\Desktop\Xavier COMMON FALLACIES IN REASONING.eml
2013-07-11 10:28 - 2013-07-11 10:28 - 00090839 _____ C:\Users\Eddie\Desktop\Jul13- India's Parliament is awash with criminal MPs.eml
2013-07-11 10:07 - 2013-07-11 10:07 - 00000000 ____D C:\Users\Eddie\AppData\Local\{233D227A-388A-4220-A969-ED4527CEFDA1}
2013-07-10 22:31 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 22:31 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 22:31 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 22:31 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 22:31 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 22:31 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 22:31 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 22:31 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 22:31 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 22:31 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 22:31 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 22:31 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 22:31 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 22:31 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 22:31 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 22:31 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 22:31 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 22:31 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 22:31 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 22:31 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 22:31 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 22:31 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 22:31 - 2013-06-12 00:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 22:31 - 2013-06-12 00:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 22:31 - 2013-06-12 00:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 22:31 - 2013-06-12 00:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 22:31 - 2013-06-12 00:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 22:31 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 22:31 - 2013-06-11 23:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 22:31 - 2013-06-07 04:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 22:31 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 21:30 - 2013-07-10 21:30 - 00000000 ____D C:\Users\Eddie\AppData\Local\{1D93CD4B-0D65-4E9B-A2EA-0F36EE16B3BF}
2013-07-10 16:18 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 16:18 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 16:18 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 16:18 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 16:18 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 16:17 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 16:17 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 09:29 - 2013-07-10 09:29 - 00000000 ____D C:\Users\Eddie\AppData\Local\{337DE0E6-28FB-4F81-848F-85C38D5F128E}
2013-07-10 09:27 - 2013-07-10 09:27 - 00000000 ____D C:\Users\Eddie\AppData\Local\Adobe
2013-07-09 21:18 - 2013-04-16 13:56 - 00003273 _____ C:\Users\Eddie\Desktop\Blender Addon _ Automatic Rig Layer Panel.rss
2013-07-09 10:45 - 2013-07-09 11:00 - 02749856 _____ (Microsoft Corporation) C:\Users\Eddie\Downloads\EIE10_EN-US_MCM_Win764L.EXE
2013-07-09 09:49 - 2013-07-09 09:49 - 00000000 ____D C:\Users\Eddie\AppData\Local\{88181B4D-F7CB-4569-A61D-124B451AFB36}
2013-07-08 21:49 - 2013-07-08 21:49 - 00000000 ____D C:\Users\Eddie\AppData\Local\{57FC5215-D3D3-4671-B593-84D9E62DE510}
2013-07-08 09:48 - 2013-07-08 09:49 - 00000000 ____D C:\Users\Eddie\AppData\Local\{644CD492-6BDE-437E-82BD-AD1327BD3867}
2013-07-07 14:59 - 2013-07-07 14:59 - 00000000 ____D C:\Users\Eddie\AppData\Local\{51169B30-1722-4937-B28A-5114B97E04D9}
2013-07-06 20:45 - 2013-07-06 20:45 - 00000000 ____D C:\Users\Eddie\AppData\Local\{53115A6A-455B-4475-86AD-C3458A282534}
2013-07-06 17:02 - 2013-07-06 17:02 - 00000000 ____D C:\Hewlett-Packard
2013-07-06 08:26 - 2013-07-06 08:26 - 00000000 ____D C:\Users\Eddie\AppData\Local\{22F6936A-307D-4CF9-97D1-016E2B965E33}
2013-07-05 10:07 - 2013-07-08 10:47 - 00000000 ___RD C:\Users\Eddie\Desktop\SPECIAL pieces (UN shame on Snowden)
2013-07-05 10:02 - 2013-07-05 10:03 - 00000000 ____D C:\Users\Eddie\AppData\Local\{ACDB2DCA-49FF-4441-B809-3D030BD1E134}
2013-07-04 21:44 - 2013-07-04 21:45 - 00000000 ____D C:\Users\Eddie\AppData\Local\{08DDA3FF-7F1A-4549-8349-C29E311F05C1}
2013-07-04 10:57 - 2013-07-11 19:00 - 00009264 _____ C:\Users\Eddie\Desktop\test.eml
2013-07-04 09:44 - 2013-07-04 09:44 - 00001847 _____ C:\Users\Public\Desktop\QuickTime Player V7.7.4.lnk
2013-07-04 09:16 - 2013-07-04 09:16 - 00000000 ____D C:\Users\Eddie\AppData\Local\{E2C6E8C2-6B9E-43BA-8763-1A3F082089A7}
2013-07-03 22:03 - 2013-07-04 10:56 - 00000000 ___RD C:\Users\Eddie\Desktop\CG orgs
2013-07-03 16:27 - 2013-07-03 16:27 - 00000000 ____D C:\Users\Eddie\AppData\Local\{74D12FBC-40F9-4664-BFED-6A113AB27A82}
2013-07-02 21:11 - 2013-07-02 21:11 - 00000000 ____D C:\Users\Eddie\AppData\Local\{3E14F56B-F819-47A9-88F4-A3B18011B525}
2013-07-02 09:11 - 2013-07-02 09:11 - 00000000 ____D C:\Users\Eddie\AppData\Local\{42C668B2-4B23-41CC-9C64-309FD15C26B6}
2013-07-02 09:09 - 2013-07-14 23:47 - 00000000 ____D C:\Users\Eddie\Desktop\1-mix
2013-07-01 16:46 - 2013-07-01 16:47 - 00000000 ___RD C:\Users\Eddie\Desktop\IE10 installed 09Jul13
2013-07-01 15:50 - 2013-07-01 15:50 - 00000000 ____D C:\Users\Eddie\AppData\Local\{92E64A13-EF3A-4A7C-9AA8-DCBC8F9FDE22}
2013-06-30 10:37 - 2013-06-30 10:37 - 00000000 ____D C:\Users\Eddie\AppData\Local\{50BE0455-DAD7-4F6E-806E-F60E43771659}
2013-06-29 21:39 - 2013-06-29 21:39 - 01116584 _____ (AirInstaller Inc.) C:\Users\Eddie\Downloads\Setup (1).exe
2013-06-29 15:12 - 2013-06-29 15:12 - 00000000 ____D C:\Users\Eddie\AppData\Local\{201A8CEF-69A1-4593-B104-96A9351B3308}
2013-06-28 23:00 - 2013-06-28 23:00 - 00000000 ____D C:\Users\Eddie\AppData\Local\{EC6CB20F-D76D-42B8-8B19-B061583EC193}
2013-06-28 09:14 - 2013-06-28 09:15 - 00000000 ____D C:\Users\Eddie\AppData\Local\{A817B7AF-9289-4D50-87BF-0FCE626E359D}
2013-06-27 19:03 - 2013-06-27 19:03 - 00000000 ____D C:\Users\Eddie\AppData\Local\{B9A79EBF-D16A-45F1-956E-FDFAC63C8E46}
2013-06-27 05:45 - 2013-06-27 05:45 - 00000000 ____D C:\Users\Eddie\AppData\Local\{B2E7FF49-B3E6-4102-B202-DEA3B560BB3A}
2013-06-26 22:34 - 2013-06-26 22:34 - 00000997 _____ C:\Users\Eddie\Desktop\CT WebD - Shortcut.lnk
2013-06-26 21:59 - 2013-06-26 22:00 - 13691806 _____ C:\Users\Eddie\Downloads\videodownloader (2).zip
2013-06-26 21:46 - 2013-06-26 21:46 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-06-26 19:01 - 2013-06-26 19:01 - 00513024 _____ C:\Users\Eddie\Downloads\web_downldr.zip
2013-06-26 18:15 - 2013-06-26 18:15 - 00008973 _____ C:\Users\Eddie\Desktop\Jul13- BGuru Trailer for Architecture Academy.eml
2013-06-26 17:49 - 2013-06-26 18:18 - 00000000 ___HD C:\Windows\AxInstSV
2013-06-26 12:25 - 2013-06-26 12:26 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\PlusWinks
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Mozilla
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\File Scout
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Delta
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Babylon
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\BabSolution
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\ProgramData\Babylon
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Program Files (x86)\Haali
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Program Files (x86)\Cool Smiley Bar for Facebook
2013-06-26 12:25 - 2012-04-09 00:40 - 00079360 _____ C:\Windows\SysWOW64\ff_vfw.dll
2013-06-26 12:23 - 2013-06-26 12:23 - 00692544 _____ () C:\Users\Eddie\Downloads\CodecPerformerSetup.exe
2013-06-26 10:02 - 2013-06-26 10:02 - 00000000 ____D C:\Users\Eddie\AppData\Local\{9C3FF6C6-34E5-4635-B22C-ED07D7994764}
2013-06-25 20:27 - 2013-06-25 20:27 - 00000000 ____D C:\Users\Eddie\AppData\Local\{78D4AC00-9668-4B58-8B76-9395546EC1D7}
2013-06-25 08:22 - 2013-06-25 08:22 - 00000000 ____D C:\Users\Eddie\AppData\Local\{5D803B5E-ADE8-41C9-82D7-C184EFFE9B8C}
2013-06-24 16:01 - 2013-06-24 16:01 - 00000000 ____D C:\Users\Eddie\AppData\Local\{5507CC77-1C7E-4E5E-9E88-1A6F7BF3CD4A}
2013-06-23 21:44 - 2013-06-23 21:45 - 00000000 ____D C:\Users\Eddie\AppData\Local\{3390D848-80D5-40F4-9422-23569D5F7ABA}
2013-06-23 16:38 - 2013-07-12 18:29 - 00001388 _____ C:\Users\Eddie\Desktop\VITCHEK - Shortcut.lnk
2013-06-23 09:44 - 2013-06-23 09:44 - 00000000 ____D C:\Users\Eddie\AppData\Local\{4EEE99C9-C2CB-4454-9D59-52E7FD33F2E9}
2013-06-22 21:40 - 2013-06-22 21:41 - 00000000 ____D C:\Users\Eddie\AppData\Local\{9AC5EDB5-A47A-4246-866D-7D77E435A7D3}
2013-06-22 09:40 - 2013-06-22 09:40 - 00000000 ____D C:\Users\Eddie\AppData\Local\{99FCC76B-1D6F-43F8-A34B-DB53848913F0}
2013-06-21 21:40 - 2013-06-21 21:40 - 00000000 ____D C:\Users\Eddie\AppData\Local\{9DB0956D-B876-4BB3-8F3C-BAAA79683687}
2013-06-21 16:56 - 2013-06-21 16:56 - 01825632 _____ (                                                            ) C:\Users\Eddie\Downloads\setup.exe
2013-06-21 09:39 - 2013-06-21 09:39 - 00000000 ____D C:\Users\Eddie\AppData\Local\{A5382006-242B-41FD-96AF-F4ACE8F91C00}
2013-06-20 21:19 - 2013-06-20 21:19 - 00000000 ____D C:\Users\Eddie\AppData\Local\{4DB8EA57-E2D7-4F7E-865F-CFE3827E5DCC}
2013-06-20 16:25 - 2013-06-21 17:04 - 00001595 _____ C:\Users\Eddie\Desktop\TEXTURES (selected).lnk
2013-06-20 09:19 - 2013-06-20 09:19 - 00000000 ____D C:\Users\Eddie\AppData\Local\{C2DA2A62-378C-47CC-91ED-49AF858DB18E}
2013-06-19 21:18 - 2013-06-19 21:18 - 00000000 ____D C:\Users\Eddie\AppData\Local\{58E25D9A-1D6E-4EC3-8941-7B2D7B9E6656}
2013-06-19 09:43 - 2013-06-19 09:47 - 91386504 _____ C:\Users\Eddie\Downloads\BlenderGuru+-+Cobblestone+Street+Final.blend
2013-06-19 09:17 - 2013-06-19 09:17 - 00000000 ____D C:\Users\Eddie\AppData\Local\{8B606858-8A41-40EC-B961-C5971CEA0311}
2013-06-18 21:08 - 2013-06-18 21:08 - 00000000 ____D C:\Users\Eddie\AppData\Local\{B2B76254-8CAC-4D69-94F2-91C3C1CA4BF1}
2013-06-18 21:03 - 2013-06-18 19:22 - 00009264 _____ C:\Users\Eddie\Desktop\BGuru advice and top art samples._eml
2013-06-18 21:02 - 2013-06-18 19:22 - 00009264 _____ C:\Users\Eddie\Desktop\Jun13 A story, advice for Blender users+ lots of top art._eml
2013-06-18 09:55 - 2013-07-03 18:10 - 00000000 ___RD C:\Users\Eddie\Desktop\RAVINDER Ramblings
2013-06-18 09:08 - 2013-06-18 09:08 - 00000000 ____D C:\Users\Eddie\AppData\Local\{AD12FFD5-06C9-4BCE-9FF0-8C7A06ED85F8}
2013-06-17 11:28 - 2013-06-17 11:28 - 00048900 _____ C:\Users\Eddie\Desktop\RE_ Foreign impressions of India today - Sean Kelley.eml
2013-06-17 10:40 - 2013-06-17 10:40 - 00009872 _____ C:\Users\Eddie\Desktop\[Goanet-News] 10 Useful Goa Websites (GoaStreets.com).eml
2013-06-17 10:38 - 2013-06-17 10:38 - 00000000 ____D C:\Users\Eddie\AppData\Local\{DB19CEF9-0195-45CC-90CC-6135A3466137}
2013-06-16 21:35 - 2013-06-16 21:35 - 00000000 ____D C:\Users\Eddie\AppData\Local\{B71AADD1-F978-41A6-8695-EF374B52A29C}
2013-06-16 20:51 - 2013-06-16 20:58 - 00000000 ___RD C:\Users\Eddie\Documents\West- Bilderberg group
2013-06-16 09:35 - 2013-06-16 09:35 - 00000000 ____D C:\Users\Eddie\AppData\Local\{54CD1500-3967-468A-BAEA-84102759F446}
2013-06-15 16:00 - 2013-06-15 16:01 - 63961895 _____ C:\Users\Eddie\Downloads\BGuru_sintel_cycles_starter.blend
2013-06-15 09:24 - 2013-06-15 09:24 - 00000000 ____D C:\Users\Eddie\AppData\Local\{1E3FA71E-2431-4ECE-A90A-92F7126F4465}

==================== One Month Modified Files and Folders =======

2013-07-15 10:05 - 2013-07-15 10:05 - 00000000 ____D C:\FRST
2013-07-15 10:04 - 2013-07-15 10:03 - 01777839 _____ (Farbar) C:\Users\Eddie\Downloads\FRST64 (1).exe
2013-07-15 10:02 - 2013-07-15 10:00 - 01777839 _____ (Farbar) C:\Users\Eddie\Downloads\FRST64.exe
2013-07-15 09:57 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 09:57 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 09:53 - 2011-10-24 17:07 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A8DCE1B2-E8F1-46B8-BABB-2C9EA28F3950}
2013-07-15 09:52 - 2013-07-15 09:52 - 00000000 ____D C:\Users\Eddie\AppData\Local\{14D63556-E4B8-4D38-AFAA-5A31CC9212E6}
2013-07-15 09:50 - 2013-07-15 09:50 - 00000056 _____ C:\Windows\setupact.log
2013-07-15 09:50 - 2013-07-15 09:50 - 00000000 _____ C:\Windows\setuperr.log
2013-07-15 09:50 - 2013-06-08 15:37 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-07-15 09:50 - 2013-05-31 20:43 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-15 09:50 - 2011-07-09 10:01 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 09:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 00:11 - 2011-03-16 20:07 - 01224410 _____ C:\Windows\WindowsUpdate.log
2013-07-15 00:10 - 2011-07-08 17:14 - 00000248 _____ C:\Windows\Brownie.ini
2013-07-15 00:08 - 2011-07-08 21:23 - 00000000 ____D C:\Users\Eddie\AppData\Local\CrashDumps
2013-07-15 00:08 - 2009-07-24 20:22 - 00000000 ____D C:\Windows\Panther
2013-07-14 23:50 - 2012-03-30 09:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 23:47 - 2013-07-02 09:09 - 00000000 ____D C:\Users\Eddie\Desktop\1-mix
2013-07-14 23:27 - 2011-07-09 10:01 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 22:04 - 2011-07-08 12:21 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\vlc
2013-07-14 21:17 - 2013-02-04 11:05 - 00000000 ___RD C:\Users\Eddie\Desktop\INDIA CRITICALS
2013-07-14 18:27 - 2012-05-27 11:28 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Skype
2013-07-14 17:25 - 2013-06-11 16:12 - 00000000 ___RD C:\Users\Eddie\Desktop\US-UK SPY Culture (Snowden etc)
2013-07-14 12:06 - 2013-04-29 15:51 - 00000000 ___RD C:\Users\Eddie\Desktop\Australia
2013-07-14 11:49 - 2012-10-09 18:32 - 00000000 ___RD C:\Users\Eddie\Desktop\Piano lessons
2013-07-14 11:48 - 2013-07-14 11:48 - 00023775 _____ C:\Users\Eddie\Desktop\Jul13- Play piano today What keybd to buy.eml
2013-07-14 11:46 - 2013-07-14 11:46 - 00000000 ____D C:\Users\Eddie\AppData\Local\{A489745A-40A8-4A00-A64C-80AEEFF44CD3}
2013-07-13 17:47 - 2011-10-29 15:36 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-13 17:47 - 2011-07-08 10:13 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-13 17:46 - 2011-07-08 10:11 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\HpUpdate
2013-07-13 17:46 - 2011-07-08 10:11 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\HP Support Assistant
2013-07-13 17:28 - 2011-07-29 22:12 - 00002104 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 16:38 - 2013-07-13 16:38 - 00000000 ____D C:\Users\Eddie\AppData\Local\{71CD9CC5-E12B-4ED9-AFC7-85AB0A9BA2F9}
2013-07-13 16:37 - 2013-01-13 12:27 - 00000000 ____D C:\ProgramData\UAB
2013-07-12 22:22 - 2011-07-09 10:01 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 22:22 - 2011-07-09 10:01 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 22:14 - 2013-07-12 22:13 - 00000000 ____D C:\Users\Eddie\AppData\Local\{8E9C702F-D023-483F-A5C3-AC55E37AE583}
2013-07-12 18:29 - 2013-06-23 16:38 - 00001388 _____ C:\Users\Eddie\Desktop\VITCHEK - Shortcut.lnk
2013-07-12 18:29 - 2013-03-13 12:01 - 00001860 _____ C:\Users\Eddie\Desktop\#  PROJECT LIST.lnk
2013-07-12 18:29 - 2013-01-10 23:01 - 00002307 _____ C:\Users\Eddie\Desktop\COMPOS.lnk
2013-07-12 16:55 - 2013-02-17 18:23 - 00000000 ___RD C:\Users\Eddie\Desktop\Finance & TAX dodging
2013-07-12 11:12 - 2011-03-16 20:18 - 00000000 ____D C:\ProgramData\PDFC
2013-07-12 10:13 - 2013-07-12 10:13 - 00000000 ____D C:\Users\Eddie\AppData\Local\{ABBEB59E-B704-4E16-95BA-C4352C270703}
2013-07-11 22:08 - 2013-07-11 22:08 - 00000000 ____D C:\Users\Eddie\AppData\Local\{0E8074E6-EA46-48A3-B3CD-4920F08EF03B}
2013-07-11 19:00 - 2013-07-04 10:57 - 00009264 _____ C:\Users\Eddie\Desktop\test.eml
2013-07-11 11:32 - 2013-07-11 11:32 - 00068965 _____ C:\Users\Eddie\Desktop\Xavier COMMON FALLACIES IN REASONING.eml
2013-07-11 10:28 - 2013-07-11 10:28 - 00090839 _____ C:\Users\Eddie\Desktop\Jul13- India's Parliament is awash with criminal MPs.eml
2013-07-11 10:07 - 2013-07-11 10:07 - 00000000 ____D C:\Users\Eddie\AppData\Local\{233D227A-388A-4220-A969-ED4527CEFDA1}
2013-07-11 10:05 - 2009-07-14 05:45 - 00432992 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 10:03 - 2013-03-14 23:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 10:03 - 2013-03-14 23:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 10:03 - 2009-07-14 08:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 10:03 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 10:03 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 22:36 - 2009-07-14 06:13 - 00791122 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-10 22:32 - 2011-07-07 19:39 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 22:27 - 2011-07-23 11:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 21:30 - 2013-07-10 21:30 - 00000000 ____D C:\Users\Eddie\AppData\Local\{1D93CD4B-0D65-4E9B-A2EA-0F36EE16B3BF}
2013-07-10 10:03 - 2013-03-31 18:22 - 00000000 ___RD C:\Users\Eddie\Desktop\KOREA- US Crimes
2013-07-10 09:29 - 2013-07-10 09:29 - 00000000 ____D C:\Users\Eddie\AppData\Local\{337DE0E6-28FB-4F81-848F-85C38D5F128E}
2013-07-10 09:27 - 2013-07-10 09:27 - 00000000 ____D C:\Users\Eddie\AppData\Local\Adobe
2013-07-10 09:27 - 2012-03-30 09:22 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-10 09:27 - 2012-03-30 09:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-10 09:27 - 2011-07-15 19:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-09 16:33 - 2011-07-29 16:39 - 00000000 ____D C:\Users\Eddie\India folders
2013-07-09 11:00 - 2013-07-09 10:45 - 02749856 _____ (Microsoft Corporation) C:\Users\Eddie\Downloads\EIE10_EN-US_MCM_Win764L.EXE
2013-07-09 10:46 - 2011-07-07 20:57 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-07-09 09:49 - 2013-07-09 09:49 - 00000000 ____D C:\Users\Eddie\AppData\Local\{88181B4D-F7CB-4569-A61D-124B451AFB36}
2013-07-08 22:38 - 2011-07-07 20:23 - 00770968 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-08 21:49 - 2013-07-08 21:49 - 00000000 ____D C:\Users\Eddie\AppData\Local\{57FC5215-D3D3-4671-B593-84D9E62DE510}
2013-07-08 10:47 - 2013-07-05 10:07 - 00000000 ___RD C:\Users\Eddie\Desktop\SPECIAL pieces (UN shame on Snowden)
2013-07-08 09:49 - 2013-07-08 09:48 - 00000000 ____D C:\Users\Eddie\AppData\Local\{644CD492-6BDE-437E-82BD-AD1327BD3867}
2013-07-07 14:59 - 2013-07-07 14:59 - 00000000 ____D C:\Users\Eddie\AppData\Local\{51169B30-1722-4937-B28A-5114B97E04D9}
2013-07-07 14:57 - 2012-12-09 11:40 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForEddie.job
2013-07-06 20:45 - 2013-07-06 20:45 - 00000000 ____D C:\Users\Eddie\AppData\Local\{53115A6A-455B-4475-86AD-C3458A282534}
2013-07-06 17:15 - 2011-07-23 16:58 - 00000000 ____D C:\tmp
2013-07-06 17:02 - 2013-07-06 17:02 - 00000000 ____D C:\Hewlett-Packard
2013-07-06 17:02 - 2012-12-09 11:40 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForEddie
2013-07-06 17:02 - 2011-07-07 14:05 - 00000000 ____D C:\Users\Eddie
2013-07-06 17:02 - 2011-03-16 20:05 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-07-06 16:43 - 2011-10-06 15:48 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForEDDIE-HP$
2013-07-06 16:43 - 2011-10-06 15:48 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForEDDIE-HP$.job
2013-07-06 08:26 - 2013-07-06 08:26 - 00000000 ____D C:\Users\Eddie\AppData\Local\{22F6936A-307D-4CF9-97D1-016E2B965E33}
2013-07-05 10:03 - 2013-07-05 10:02 - 00000000 ____D C:\Users\Eddie\AppData\Local\{ACDB2DCA-49FF-4441-B809-3D030BD1E134}
2013-07-04 21:45 - 2013-07-04 21:44 - 00000000 ____D C:\Users\Eddie\AppData\Local\{08DDA3FF-7F1A-4549-8349-C29E311F05C1}
2013-07-04 10:56 - 2013-07-03 22:03 - 00000000 ___RD C:\Users\Eddie\Desktop\CG orgs
2013-07-04 09:44 - 2013-07-04 09:44 - 00001847 _____ C:\Users\Public\Desktop\QuickTime Player V7.7.4.lnk
2013-07-04 09:44 - 2012-11-08 11:12 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-04 09:16 - 2013-07-04 09:16 - 00000000 ____D C:\Users\Eddie\AppData\Local\{E2C6E8C2-6B9E-43BA-8763-1A3F082089A7}
2013-07-03 18:10 - 2013-06-18 09:55 - 00000000 ___RD C:\Users\Eddie\Desktop\RAVINDER Ramblings
2013-07-03 16:27 - 2013-07-03 16:27 - 00000000 ____D C:\Users\Eddie\AppData\Local\{74D12FBC-40F9-4664-BFED-6A113AB27A82}
2013-07-02 21:11 - 2013-07-02 21:11 - 00000000 ____D C:\Users\Eddie\AppData\Local\{3E14F56B-F819-47A9-88F4-A3B18011B525}
2013-07-02 09:11 - 2013-07-02 09:11 - 00000000 ____D C:\Users\Eddie\AppData\Local\{42C668B2-4B23-41CC-9C64-309FD15C26B6}
2013-07-01 16:47 - 2013-07-01 16:46 - 00000000 ___RD C:\Users\Eddie\Desktop\IE10 installed 09Jul13
2013-07-01 16:43 - 2012-08-06 09:52 - 00000000 ___RD C:\Users\Eddie\Desktop\Japan
2013-07-01 16:41 - 2012-03-24 10:47 - 00000000 ___RD C:\Users\Eddie\Desktop\CHINA issues
2013-07-01 16:08 - 2012-04-25 11:20 - 00000000 ____D C:\Users\Eddie\Documents\- BT BILLs
2013-07-01 15:50 - 2013-07-01 15:50 - 00000000 ____D C:\Users\Eddie\AppData\Local\{92E64A13-EF3A-4A7C-9AA8-DCBC8F9FDE22}
2013-06-30 10:37 - 2013-06-30 10:37 - 00000000 ____D C:\Users\Eddie\AppData\Local\{50BE0455-DAD7-4F6E-806E-F60E43771659}
2013-06-29 21:39 - 2013-06-29 21:39 - 01116584 _____ (AirInstaller Inc.) C:\Users\Eddie\Downloads\Setup (1).exe
2013-06-29 15:12 - 2013-06-29 15:12 - 00000000 ____D C:\Users\Eddie\AppData\Local\{201A8CEF-69A1-4593-B104-96A9351B3308}
2013-06-28 23:07 - 2011-07-07 14:14 - 00000000 ___RD C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-28 23:00 - 2013-06-28 23:00 - 00000000 ____D C:\Users\Eddie\AppData\Local\{EC6CB20F-D76D-42B8-8B19-B061583EC193}
2013-06-28 09:15 - 2013-06-28 09:14 - 00000000 ____D C:\Users\Eddie\AppData\Local\{A817B7AF-9289-4D50-87BF-0FCE626E359D}
2013-06-28 09:08 - 2011-07-07 14:14 - 00000000 ____D C:\Users\Eddie\AppData\Local\VirtualStore
2013-06-27 19:03 - 2013-06-27 19:03 - 00000000 ____D C:\Users\Eddie\AppData\Local\{B9A79EBF-D16A-45F1-956E-FDFAC63C8E46}
2013-06-27 05:45 - 2013-06-27 05:45 - 00000000 ____D C:\Users\Eddie\AppData\Local\{B2E7FF49-B3E6-4102-B202-DEA3B560BB3A}
2013-06-26 22:34 - 2013-06-26 22:34 - 00000997 _____ C:\Users\Eddie\Desktop\CT WebD - Shortcut.lnk
2013-06-26 22:00 - 2013-06-26 21:59 - 13691806 _____ C:\Users\Eddie\Downloads\videodownloader (2).zip
2013-06-26 21:46 - 2013-06-26 21:46 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-06-26 21:46 - 2012-08-30 18:51 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-06-26 21:46 - 2012-07-12 21:05 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-26 21:46 - 2012-07-12 21:05 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-06-26 20:57 - 2011-08-26 17:03 - 00000000 ____D C:\Program Files (x86)\Sothink Web Video Downloader Stand-alone
2013-06-26 19:01 - 2013-06-26 19:01 - 00513024 _____ C:\Users\Eddie\Downloads\web_downldr.zip
2013-06-26 18:18 - 2013-06-26 17:49 - 00000000 ___HD C:\Windows\AxInstSV
2013-06-26 18:15 - 2013-06-26 18:15 - 00008973 _____ C:\Users\Eddie\Desktop\Jul13- BGuru Trailer for Architecture Academy.eml
2013-06-26 12:26 - 2013-06-26 12:25 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\PlusWinks
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Mozilla
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\File Scout
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Delta
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Babylon
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\BabSolution
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\ProgramData\Babylon
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Program Files (x86)\Haali
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-26 12:25 - 2013-06-26 12:25 - 00000000 ____D C:\Program Files (x86)\Cool Smiley Bar for Facebook
2013-06-26 12:23 - 2013-06-26 12:23 - 00692544 _____ () C:\Users\Eddie\Downloads\CodecPerformerSetup.exe
2013-06-26 10:02 - 2013-06-26 10:02 - 00000000 ____D C:\Users\Eddie\AppData\Local\{9C3FF6C6-34E5-4635-B22C-ED07D7994764}
2013-06-25 20:27 - 2013-06-25 20:27 - 00000000 ____D C:\Users\Eddie\AppData\Local\{78D4AC00-9668-4B58-8B76-9395546EC1D7}
2013-06-25 08:22 - 2013-06-25 08:22 - 00000000 ____D C:\Users\Eddie\AppData\Local\{5D803B5E-ADE8-41C9-82D7-C184EFFE9B8C}
2013-06-24 16:01 - 2013-06-24 16:01 - 00000000 ____D C:\Users\Eddie\AppData\Local\{5507CC77-1C7E-4E5E-9E88-1A6F7BF3CD4A}
2013-06-24 16:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-23 21:45 - 2013-06-23 21:44 - 00000000 ____D C:\Users\Eddie\AppData\Local\{3390D848-80D5-40F4-9422-23569D5F7ABA}
2013-06-23 16:38 - 2011-09-08 19:46 - 00000000 ____D C:\Users\Eddie\Documents\- CRITICS & COMMENTATORS (West)
2013-06-23 09:44 - 2013-06-23 09:44 - 00000000 ____D C:\Users\Eddie\AppData\Local\{4EEE99C9-C2CB-4454-9D59-52E7FD33F2E9}
2013-06-22 22:09 - 2011-07-09 10:01 - 00000000 ____D C:\Users\Eddie\AppData\Local\Google
2013-06-22 21:41 - 2013-06-22 21:40 - 00000000 ____D C:\Users\Eddie\AppData\Local\{9AC5EDB5-A47A-4246-866D-7D77E435A7D3}
2013-06-22 09:40 - 2013-06-22 09:40 - 00000000 ____D C:\Users\Eddie\AppData\Local\{99FCC76B-1D6F-43F8-A34B-DB53848913F0}
2013-06-21 21:40 - 2013-06-21 21:40 - 00000000 ____D C:\Users\Eddie\AppData\Local\{9DB0956D-B876-4BB3-8F3C-BAAA79683687}
2013-06-21 17:04 - 2013-06-20 16:25 - 00001595 _____ C:\Users\Eddie\Desktop\TEXTURES (selected).lnk
2013-06-21 16:56 - 2013-06-21 16:56 - 01825632 _____ (                                                            ) C:\Users\Eddie\Downloads\setup.exe
2013-06-21 09:55 - 2012-03-09 17:50 - 00000000 ___RD C:\Users\Eddie\Desktop\ISRAEL Seminals
2013-06-21 09:47 - 2013-02-15 10:59 - 00000000 ___RD C:\Users\Eddie\Desktop\SYRIA + India
2013-06-21 09:39 - 2013-06-21 09:39 - 00000000 ____D C:\Users\Eddie\AppData\Local\{A5382006-242B-41FD-96AF-F4ACE8F91C00}
2013-06-20 21:19 - 2013-06-20 21:19 - 00000000 ____D C:\Users\Eddie\AppData\Local\{4DB8EA57-E2D7-4F7E-865F-CFE3827E5DCC}
2013-06-20 20:50 - 2011-07-08 10:46 - 00000000 ____D C:\Users\Eddie\AppData\Local\Windows Live
2013-06-20 09:19 - 2013-06-20 09:19 - 00000000 ____D C:\Users\Eddie\AppData\Local\{C2DA2A62-378C-47CC-91ED-49AF858DB18E}
2013-06-19 21:18 - 2013-06-19 21:18 - 00000000 ____D C:\Users\Eddie\AppData\Local\{58E25D9A-1D6E-4EC3-8941-7B2D7B9E6656}
2013-06-19 19:10 - 2012-08-13 08:42 - 00001342 _____ C:\Users\Public\Desktop\BT Desktop Help.lnk
2013-06-19 09:47 - 2013-06-19 09:43 - 91386504 _____ C:\Users\Eddie\Downloads\BlenderGuru+-+Cobblestone+Street+Final.blend
2013-06-19 09:17 - 2013-06-19 09:17 - 00000000 ____D C:\Users\Eddie\AppData\Local\{8B606858-8A41-40EC-B961-C5971CEA0311}
2013-06-18 21:08 - 2013-06-18 21:08 - 00000000 ____D C:\Users\Eddie\AppData\Local\{B2B76254-8CAC-4D69-94F2-91C3C1CA4BF1}
2013-06-18 21:01 - 2013-06-10 20:36 - 00001179 _____ C:\Users\Eddie\Desktop\WILLs - Shortcut.lnk
2013-06-18 21:01 - 2013-04-24 21:11 - 00002566 _____ C:\Users\Eddie\Desktop\- PHONEMES & mouth shapes - Shortcut.lnk
2013-06-18 21:01 - 2012-12-27 10:35 - 00002361 _____ C:\Users\Eddie\Desktop\CYCLES.lnk
2013-06-18 19:22 - 2013-07-11 17:44 - 00009264 _____ C:\Users\Eddie\Downloads\A story - and some advice for Blender users._._eml
2013-06-18 19:22 - 2013-06-18 21:03 - 00009264 _____ C:\Users\Eddie\Desktop\BGuru advice and top art samples._eml
2013-06-18 19:22 - 2013-06-18 21:02 - 00009264 _____ C:\Users\Eddie\Desktop\Jun13 A story, advice for Blender users+ lots of top art._eml
2013-06-18 09:08 - 2013-06-18 09:08 - 00000000 ____D C:\Users\Eddie\AppData\Local\{AD12FFD5-06C9-4BCE-9FF0-8C7A06ED85F8}
2013-06-17 16:02 - 2011-09-02 12:06 - 00000000 ___RD C:\Users\Eddie\Desktop\UK seminals
2013-06-17 11:28 - 2013-06-17 11:28 - 00048900 _____ C:\Users\Eddie\Desktop\RE_ Foreign impressions of India today - Sean Kelley.eml
2013-06-17 10:40 - 2013-06-17 10:40 - 00009872 _____ C:\Users\Eddie\Desktop\[Goanet-News] 10 Useful Goa Websites (GoaStreets.com).eml
2013-06-17 10:38 - 2013-06-17 10:38 - 00000000 ____D C:\Users\Eddie\AppData\Local\{DB19CEF9-0195-45CC-90CC-6135A3466137}
2013-06-16 21:35 - 2013-06-16 21:35 - 00000000 ____D C:\Users\Eddie\AppData\Local\{B71AADD1-F978-41A6-8695-EF374B52A29C}
2013-06-16 21:29 - 2011-08-31 21:02 - 00000000 ____D C:\Users\Eddie\Documents\- Country- U K & EU
2013-06-16 21:21 - 2011-07-25 09:36 - 00000000 ___RD C:\Users\Eddie\Documents\WILLs
2013-06-16 20:58 - 2013-06-16 20:51 - 00000000 ___RD C:\Users\Eddie\Documents\West- Bilderberg group
2013-06-16 10:13 - 2013-04-19 21:08 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-06-16 09:35 - 2013-06-16 09:35 - 00000000 ____D C:\Users\Eddie\AppData\Local\{54CD1500-3967-468A-BAEA-84102759F446}
2013-06-15 16:01 - 2013-06-15 16:00 - 63961895 _____ C:\Users\Eddie\Downloads\BGuru_sintel_cycles_starter.blend
2013-06-15 09:24 - 2013-06-15 09:24 - 00000000 ____D C:\Users\Eddie\AppData\Local\{1E3FA71E-2431-4ECE-A90A-92F7126F4465}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-09 12:24

==================== End Of Log ============================


  • Staff

Hello Eddie,

Please do the following:

From the log it shows you have FRST running from your downloads folder:

"Running from C:\Users\Eddie\Downloads"

so the fixlist.txt must also be saved to the downloads folder for the fix to work:

Download the attached fixlist.txt file and save it to the downloads folder.

FixList.txt

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:

    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

I ran the FRST64 application and then pressed the FIX button.

A text file was produced, as you said. I am attaching this to this reply.

I have not used the COMBOFIX yet.

You asked me to delete my anti-virus [Microsoft Security Essentials] and antispyware - this is Malwarebytes. So do I disable Malwarebytes too?

I'll await your reply before proceeding to COMBOFIX.

Fixlog.txt


  • Staff

Hello,

The antivirus doesn't need to be deleted, just disabled while ComboFix runs.

To disable MSE - open up the user interface > go to settings > realtime protection > uncheck the "turn on real time protection (recommended)" box.

For Malwarebytes > right click the icon in the system tray and click exit.

Now you should be good to run ComboFix.

Regards

~CB


Dear Catbyte,

 

Good news!
My Malware (adware) was removed from the use of FRST scan followed by FIX.

I had sent you the text file FIXlog.txt. You can see from it that the values in the registry keys HKLM, HKCU were deleted successfully or restored. Whereas keys of type HKCR were not found. Certain sub-directories were also moved.

Whatever the operations mean, the adware has disappeared and with it the irritating reminders to upgrade Flash Player etc, shrinking of a downloaded webpage to a tiny size at the top left corner of the Desktop, constant slow or zero Internet response.

 

In short, I seem to be back to normal - what a relief!

So there was no need for the more invasive ComboFix.

 

Thanks a lot and warm regards

Eddie
 


  • Staff

Hello Eddie,

If you could please run the following scans, just to make sure there are no leftovers:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Your suggestions were detailed - I got to hear of new anti-malware tools.

I proceeded as you said:

 

1. I downloaded JRT.exe and ran it as administrator.

The resulting log  is attached.
 

2. I downloaded Adwcleaner and ran it.
    I did see the log and unfortunately couldn't save it. Lost it?
    But I do know the last line said: Registry is clean.

3. I did a quick scan with  MBAM.

   There were no infections, so no 'show results' slot.

   The logs are attached.

 

4. I next ran ESET. This is an elaborate tool and took 2 hours 22 min to scan through.

   It found 23 infections (mostly adware). The log ESETSCAN.txt is attached.

 

I await your judgement. The exercise was a complete education in malware removal.

 

Eddie

JRT.txt

mbam-log-2013-07-22 (10-06-50).txt

protection-log-2013-07-22.txt

ESETSCAN.txt


  • Staff

Hello Eddie,

Some of the detections are in quarantine already (which will be removed when we do the housekeeping to clean up the tools).

The other detections are installer files that are bundled with adware (the type that will sneak an unwanted nuisance toolbar onto the system while installing the other program):

C:\Program Files (x86)\Cool Smiley Bar for Facebook\BackgroundHostPS.dll

C:\Users\Eddie\Blender\- BLENDER STUFF (32-bit)\- TEXTURES (selected)\CrazyBump 1.2 x86.exe

C:\Users\Eddie\Desktop\WInZip Utilities\WinZipRegistryOptimizer.exe

C:\Users\Eddie\Downloads\CodecPerformerSetup.exe

C:\Users\Eddie\Downloads\CrazyBump 1.2 x86.exe

C:\Users\Eddie\Downloads\flvplayer (1).zip

C:\Users\Eddie\Downloads\flvplayer.zip

C:\Users\Eddie\Downloads\FreeMp3WmaConverterSetup-r100-w (1).exe

C:\Users\Eddie\Downloads\FreeMp3WmaConverterSetup-r100-w (2).exe

C:\Users\Eddie\Downloads\FreeMp3WmaConverterSetup-r100-w (3).exe

C:\Users\Eddie\Downloads\FreeMp3WmaConverterSetup-r100-w.exe

C:\Users\Eddie\Downloads\Setup (1).exe

C:\Users\Eddie\Downloads\winzip155.exe

C:\Users\Eddie\Downloads\winzip160.exe

So if you don't need those installer files any more > navigate to your downloads folder > right click and delete those files.

The rest of the logs look fine (JRT removed a lot of garbage). The AdwCleaner log will be at the root of your C:\ drive, but I don't need to see it.

If there are no outstanding issues then we can clean up the tools:

You can delete the FRST Folder and JRT logs and programs from your desktop.

NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:

    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:

    http://windowsupdate.microsoft.com/

    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • If it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.
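
The Internet zone ActiveX levels set in the "Make Internet Explorer more secure" steps above can be read back from the registry to confirm they took effect. This PowerShell check is an added example, not part of the original post: it assumes the per-user Internet zone key (zone 3) and the URL action IDs 1001, 1004 and 1201, and the function name is hypothetical.

```powershell
# Added example (not from the original post): audit the Internet zone ActiveX
# settings that the steps above change through Inetcpl.cpl.
# Assumption: per-user zone settings live under Zones\3 (3 = Internet zone).
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action values stored in the registry: 0 = Enable, 1 = Prompt, 3 = Disable
$Levels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The three settings named in the post and the level it recommends for each
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

# Hypothetical helper name; returns one result object per setting
function Test-InternetZoneActiveX {
    param([string]$Path = $ZonePath)

    $zone = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($setting in $Recommended) {
        $raw = $zone.($setting.Id)          # $null when the value is absent
        if ($null -eq $raw) {
            $current = 'Not set'
        } elseif ($Levels.ContainsKey([int]$raw)) {
            $current = $Levels[[int]$raw]
        } else {
            $current = "Unknown ($raw)"     # a level this table does not map
        }
        New-Object PSObject -Property @{
            Setting     = $setting.Name
            Current     = $current
            Recommended = $Levels[$setting.Want]
            Matches     = ($raw -eq $setting.Want)
        }
    }
}

Test-InternetZoneActiveX |
    Format-Table Setting, Current, Recommended, Matches -AutoSize
```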


Thanks a million, Catbyte. You have been so patient and generous with your advice.

I have carried out most of your instructions above.

 

1. Deleted the files you had listed - I don't need the installers etc.

 

2. I reset the Internet zone as suggested by you.
   In particular, I set the "unsigned ActiveX controls" to PROMPT (though Disable was recommended)

 

3. Downloaded TFC and ran it. It removed 341 MB of Temp Internet files.

    (I do use the CC Cleaner regularly - that too removes these temp files.)

 

4. Downloaded WOT, ran it and enabled it. Good to be reassured by the colour icon  at the top of the page.

 

5. I will make it a point to carry out your other suggestions - password change, password keeper, backup, MS updates (which I receive regularly) and read the articles you recommend.

----------------------------------------------

 

A couple of questions:

a. How does one arrive at a particular point in the Malware Forum?

    I notice you pointed me to http://forums.malwarebytes.org/index.php?showtopic=129664#entry704891

Where are these topic and entry numbers to be found?

 

b. If I have similar malware problems in future, can I proceed to use those tools in succession?
   Should one start with FRST? I didn't use COMBOFIX this time - it's a scary tool and in any case one is advised not to use it or FRST without the go ahead from an expert like you.
But are JRT, AdwCleaner, and ESET safe to use casually? [I suspect ESET is allowed free just once?]

 

--------------------------------------------

It's been a grand experience working with a wizard like you in malware removal.
I never even suspected there were so many tools available and am much wiser now.

I am most grateful to you for your clear instructions and generous advice.
 


  • Staff

I notice you pointed me to http://forums.malwarebytes.org/index.php?showtopic=129664#entry704891

Where are these topic and entry numbers to be found?

Up in the top right corner you will see a number sign and number; that is the post link > right click it "copy link location" > then paste it into your reply.

b. If I have similar malware problems in future, can I proceed to use those tools in succession?

Should one start with FRST? I didn't use COMBOFIX this time - it's a scary tool and in any case one is advised not to use it or FRST without the go ahead from an expert like you.

But are JRT, AdwCleaner, and ESET safe to use casually? [I suspect ESET is allowed free just once?]

ESET can be run any number of times. I don't advise using FRST, as it has to be analyzed and a customized script given, nor do I recommend using any of the specialized malware removal tools without the assistance of a helper. Tools are generally used for specific infections, as they are designed to do different things, so it depends on what is infecting your machine; plus, the tools are updated so frequently that they quickly become out of date.

 

Of course, MBAM can be used as often as you like.

 

If you ever find yourself infected again, it's best to start a new topic here in our malware removal forum as we have many fine helpers who volunteer their time to help out and they are all properly trained, or you can reach me at the helpdesk.

 

It has been a pleasure working with you :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.