Solved Green Box with arrow on top right corner ALL browsers HELP

January 11, 2015 at 16:44:52
Specs: Windows 7
Computer found Artemis virus/removed. Had Trovi /Search protect /removed.
Have run two malware problems and removed or quarantined items. Nothing showing up anymore for viruses or malware yet I still have this pesky box.
Can upload a pic if necessary.



✔ Best Answer
January 17, 2015 at 14:54:42
Here is how you got into this mess.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...
I use Softpedia & FreewareFiles.com, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third-party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

Install Adblock Plus to your browsers.

A web page for whatever browser you did the Adblock Plus install will open after the install. Follow these SS ( screenshots )
http://i.imgur.com/pW20i0u.gif
http://i.imgur.com/pRIayVe.gif

Adblock Plus for Internet Explorer
http://www.iegallery.com/Search?q=a...
https://adblockplus.org/blog/workin...
http://adblockplus.org/
Installing
http://i.imgur.com/U9grvpT.gif
http://i.imgur.com/0Myhnkl.gif
http://i.imgur.com/I0gWFuM.gif
Features
https://adblockplus.org/en/features

Adblock Plus for Firefox
https://adblockplus.org/en/firefox
https://addons.mozilla.org/en-US/fi...
https://addons.mozilla.org/en-US/fi...
Features
https://adblockplus.org/en/features

message edited by Johnw



#1
January 11, 2015 at 18:20:00
"Can upload a pic if necessary"
Yes please, you are on the ball.

"Computer found Artemis virus/removed. Had Trovi /Search protect /removed.
Have run two malware problems and removed or quarantined items"
Copy & Paste the contents of the log please.

"Computer found Artemis virus/removed. Had Trovi /Search protect /removed"
We will need to do more.

Here are the first 2 steps, there will be more steps needed after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.




#2
January 11, 2015 at 20:09:47
Does anything happen if you highlight it with the mouse or click on it?


#3
January 12, 2015 at 00:53:53
Have you installed any security software from your online banking, or something similar?


#4
January 12, 2015 at 02:54:42
When I move the cursor over it, the box disappears...it cannot be highlighted.


#5
January 12, 2015 at 03:25:20
I have run both these programs before but will follow your directions, hopefully later today, and get back with you.
Thanks.


#6
January 12, 2015 at 14:46:52
# AdwCleaner v4.107 - Report created 12/01/2015 at 17:26:38
# Updated 07/01/2015 by Xplode
# Database : 2015-01-12.3 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Barbara's Toy - BARBARASTOY-PC
# Running from : C:\Users\Barbara's Toy\Desktop\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Barbara's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\lq0meogr.Test Profile\searchplugins\yahoo_ff.xml
File Deleted : C:\Users\Barbara's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\x14pmxzt.default\searchplugins\yahoo_ff.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[x14pmxzt.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=523482&fr=spigot-yhp-ff");

-\\ Google Chrome v


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [7182 octets] - [11/01/2015 17:35:14]
AdwCleaner[R1].txt - [2174 octets] - [12/01/2015 06:01:42]
AdwCleaner[R2].txt - [2253 octets] - [12/01/2015 06:04:35]
AdwCleaner[R3].txt - [2311 octets] - [12/01/2015 06:06:26]
AdwCleaner[R4].txt - [1629 octets] - [12/01/2015 17:24:35]
AdwCleaner[S0].txt - [8748 octets] - [11/01/2015 17:36:58]
AdwCleaner[S1].txt - [3007 octets] - [12/01/2015 06:09:25]
AdwCleaner[S2].txt - [1567 octets] - [12/01/2015 17:26:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1627 octets] ##########



#7
January 12, 2015 at 14:47:54
OS: Windows 7 Ultimate x64
Ran by Barbara's Toy on Mon 01/12/2015 at 17:32:56.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\search protection


~~~ Registry Keys


~~~ Files


~~~ Folders

Failed to delete: [Folder] "C:\Users\Barbara's Toy\AppData\Roaming\search protection"


~~~ FireFox

Emptied folder: C:\Users\Barbara's Toy\AppData\Roaming\mozilla\firefox\profiles\x14pmxzt.default\minidumps [1 files]
Emptied folder: C:\Users\Barbara's Toy\AppData\Roaming\mozilla\firefox\profiles\lq0meogr.Test Profile\minidumps [52 files]


~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/12/2015 at 17:39:11.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8
January 12, 2015 at 14:54:08
Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.


#9
January 12, 2015 at 15:01:15
Here is a link for the picture.

[img]http://i.imgur.com/tFewNRa.jpg[/img]



#10
January 12, 2015 at 15:05:28
"Here is a link for the picture"
That should be gone by the time we are finished.


#11
January 12, 2015 at 15:21:20
RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Barbara's Toy [Administrator]
Mode : Delete -- Date : 01/12/2015 18:18:36

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser Manager (C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DefaultTabSearch (C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DefaultTabUpdate ("C:\Users\Barbara's Toy\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe") -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1730353599-251158386-4243113671-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.yahoo.com/?type=5234... -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1730353599-251158386-4243113671-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.yahoo.com/?type=5234... -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71D2B9A4-A48A-4497-89D1-3924A9EC1000} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{71D2B9A4-A48A-4497-89D1-3924A9EC1000} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{71D2B9A4-A48A-4497-89D1-3924A9EC1000} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤
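
Added example, not part of the original thread: a Python sketch that parses lines in the layout of the RogueKiller report in reply #11, merges one finding that is repeated across CurrentControlSet/ControlSetNNN and the X64/X86 registry views, and lists findings that show up only under a numbered control set. The field names are this example's own, the line layout is inferred from that single report, and the sample is a subset of the lines posted above.

```python
import re

# Subset of the report lines posted in reply #11, copied verbatim
# (including the URL that is already truncated on the page).
SAMPLE_REPORT = r"""
Mode : Delete -- Date : 01/12/2015 18:18:36
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DefaultTabSearch (C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1730353599-251158386-4243113671-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.yahoo.com/?type=5234... -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1730353599-251158386-4243113671-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.yahoo.com/?type=5234... -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71D2B9A4-A48A-4497-89D1-3924A9EC1000} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{71D2B9A4-A48A-4497-89D1-3924A9EC1000} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
"""

# "[Category] (X64|X86) <body> -> <status>"
FINDING_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+(?P<body>.+?)\s+->\s+(?P<status>.+)$"
)
# Service entries: "<key> (<image path>)"; the path itself may contain "(x86)".
SERVICE_RE = re.compile(r"^(?P<key>.+?)\s+\((?P<data>.*)\)$")
# The control-set component of a SYSTEM hive path.
CONTROLSET_RE = re.compile(
    r"(?<=\\System\\)(CurrentControlSet|ControlSet\d{3})(?=\\)", re.IGNORECASE
)


def parse_line(line):
    """Return one parsed finding, or None for headers and other non-finding lines."""
    m = FINDING_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    if " | " in body:
        # Value entries: "<key> | <value name> : <data>"
        key, _, rest = body.partition(" | ")
        value, _, data = rest.partition(" : ")
    else:
        s = SERVICE_RE.match(body)
        key, value, data = (s.group("key"), "", s.group("data")) if s else (body, "", "")
    cs = CONTROLSET_RE.search(key)
    return {
        "category": m.group("category"),
        "view": m.group("view"),
        "key": CONTROLSET_RE.sub("<ControlSet>", key),  # normalised for merging
        "control_set": cs.group(0) if cs else None,
        "value": value,
        "data": data,
        "status": m.group("status").strip(),
    }


def triage(report_text):
    """Merge lines that describe the same key/value/data into one finding."""
    merged = {}
    for line in report_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        ident = (f["category"], f["key"].lower(), f["value"], f["data"])
        entry = merged.setdefault(ident, {
            "category": f["category"], "key": f["key"], "value": f["value"],
            "data": f["data"], "control_sets": set(), "views": set(), "statuses": set(),
        })
        if f["control_set"]:
            entry["control_sets"].add(f["control_set"])
        entry["views"].add(f["view"])
        entry["statuses"].add(f["status"])
    return list(merged.values())


def not_in_current_control_set(findings):
    """Findings reported under ControlSetNNN but never under CurrentControlSet."""
    return [
        f for f in findings
        if f["control_sets"]
        and "currentcontrolset" not in {c.lower() for c in f["control_sets"]}
    ]


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        where = ",".join(sorted(f["control_sets"])) or "-"
        print(f'{f["category"]:16} {"/".join(sorted(f["views"])):8} {where:32} '
              f'{f["key"]} {f["value"]} {f["data"]} [{", ".join(sorted(f["statuses"]))}]')
```

The status text after `->` is carried through exactly as the tool printed it, so a reviewer can see at a glance which merged findings the run acted on and which it left in place.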



#12
January 12, 2015 at 15:22:06
Good because so far it's still here :(


#13
January 12, 2015 at 15:34:53
We are on the right track.

Please Copy and Paste ALL instructions into a text file & print them. If a printer is not available, write them down. Tick or cross off each step as you do it.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#14
January 12, 2015 at 16:09:37
ComboFix 15-01-08.01 - Barbara's Toy 01/12/2015 18:57:58.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8109.4938 [GMT -5:00]
Running from: c:\users\Barbara's Toy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BARBAR~1\AppData\Local\Temp\7zS0474\HPSLPSVC64.DLL
c:\users\Barbara's Toy\AppData\Local\assembly\tmp
c:\users\Barbara's Toy\AppData\Local\Setup-Super-Word-Search-Maker.exe
c:\users\Barbara's Toy\AppData\Local\Temp\7zS0474\HPSLPSVC64.DLL
c:\users\Barbara's Toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
c:\windows\SysWow64\twain.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2014-12-13 to 2015-01-13 )))))))))))))))))))))))))))))))
.
.
2015-01-13 00:02 . 2015-01-13 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-12 23:10 . 2015-01-12 23:11 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-12 23:10 . 2015-01-12 23:10 -------- d-----w- c:\programdata\RogueKiller
2015-01-12 22:32 . 2015-01-12 22:34 -------- d-----w- c:\users\Barbara's Toy\AppData\Roaming\Search Protection
2015-01-12 02:57 . 2015-01-12 02:57 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-01-12 00:18 . 2015-01-12 00:18 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-01-12 00:18 . 2015-01-12 00:18 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-01-11 22:45 . 2015-01-12 00:03 -------- d-----w- C:\EEK
2015-01-11 22:35 . 2015-01-12 22:40 -------- d-----w- C:\AdwCleaner
2015-01-11 21:20 . 2015-01-11 21:20 -------- d-----w- c:\users\Barbara's Toy\AppData\Local\Rainmaker_Software_Group_
2015-01-11 21:20 . 2015-01-11 21:20 -------- d-----w- c:\users\Barbara's Toy\AppData\Roaming\Rainmaker Software Group LLC.?
2015-01-11 16:09 . 2015-01-13 00:03 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-11 16:09 . 2015-01-11 16:09 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-11 16:09 . 2015-01-11 16:09 -------- d-----w- c:\programdata\Malwarebytes
2015-01-11 16:09 . 2014-11-21 11:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-11 16:09 . 2014-11-21 11:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-11 16:09 . 2014-11-21 11:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-11 14:59 . 2015-01-11 14:59 -------- d-----w- c:\windows\ERUNT
2015-01-09 22:38 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AFC1957-E826-4734-9771-E7F63354361E}\mpengine.dll
2014-12-26 16:23 . 2014-12-26 16:23 -------- d-----w- c:\users\Barbara's Toy\AppData\Roaming\SentryBay
2014-12-26 16:23 . 2014-12-26 16:23 21312 ----a-w- c:\windows\system32\drivers\epfilter.sys
2014-12-26 16:22 . 2014-12-26 16:22 -------- d-----w- c:\program files (x86)\SentryBay
2014-12-26 16:22 . 2014-12-26 16:22 -------- d-----w- c:\users\Barbara's Toy\AppData\Local\SentryBay
2014-12-23 15:41 . 2014-12-23 15:41 150440 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2014-12-23 15:41 . 2014-12-23 15:41 150440 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2014-12-23 01:20 . 2014-12-23 01:20 -------- d-----w- c:\users\Barbara's Toy\AppData\Local\Amazon Music
2014-12-20 22:31 . 2014-12-20 22:31 40344 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2014-12-18 22:31 . 2014-12-18 22:31 97176 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-13 00:03 . 2011-03-14 15:26 25640 ----a-w- c:\windows\gdrv.sys
2015-01-06 09:36 . 2011-03-18 09:14 298120 ------w- c:\windows\system32\MpSigStub.exe
2015-01-02 15:11 . 2012-04-25 09:23 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-02 15:11 . 2011-05-14 13:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 11:08 . 2011-03-14 16:10 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-04 02:50 . 2014-12-10 10:44 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 10:44 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 10:44 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 10:44 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 10:44 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:50 . 2014-12-10 10:44 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:44 . 2014-12-10 10:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 10:44 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-18 19:56 . 2014-11-18 19:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 10:44 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 13:37 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 13:37 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 10:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 13:37 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 13:37 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 10:44 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 10:44 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 10:44 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-10 10:44 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 10:44 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 13:36 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 13:36 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 13:36 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-10 11:08 4121600 ----a-w- c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 13:36 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-10 11:08 3209728 ----a-w- c:\windows\SysWow64\mf.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-08 43816]
"Amazon Music"="c:\users\Barbara's Toy\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-12-08 6277952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Data Protection Suite"="c:\program files (x86)\AOL\DataMask by AOL\dps.exe" [2014-06-24 1317168]
"PhishLock"="c:\program files (x86)\AOL\DataMask by AOL\pl.exe" [2014-06-24 801584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SDBOK"="c:\program files (x86)\GIGABYTE\smart6\dbios\run.exe" [2009-07-06 207400]
.
c:\users\Barbara's Toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet Pro 8600.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1B11K25P05KD;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/05/29 11:22;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 sbupdate;AOL Update Service (sbupdate);c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe;c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\DRIVERS\bthprint.sys;c:\windows\SYSNATIVE\DRIVERS\bthprint.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 PBProcessMonitor264;PolderbitS Process Monitor Driver 2;e:\program files (x86)\PBProcessMonitor264.sys;e:\program files (x86)\PBProcessMonitor264.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rt70x64;RT2500 USB Wireless LAN Driver for Vista;c:\windows\system32\DRIVERS\netr7064.sys;c:\windows\SYSNATIVE\DRIVERS\netr7064.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTMouseFilterx64.sys [x]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVTabletPCx64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R4 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\BIN\a2ddax64.sys;c:\eek\BIN\a2ddax64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys;c:\windows\SYSNATIVE\DRIVERS\CLBStor.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 EntryProtect;DataMask by AOL;c:\program files (x86)\AOL\DataMask by AOL\epservice.exe;c:\program files (x86)\AOL\DataMask by AOL\epservice.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys;c:\windows\SYSNATIVE\drivers\epfilter.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - epinject
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 15:11]
.
2015-01-13 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-02-13 18:24]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 13:42]
.
2015-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf8d90808b6169.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 13:42]
.
2015-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cfec6bad3f6633.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 13:42]
.
2014-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cffea937fd59d7.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 13:42]
.
2015-01-13 c:\windows\Tasks\SentryBayUpdateTaskMachineCore.job
- c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [2014-12-26 16:22]
.
2015-01-12 c:\windows\Tasks\SentryBayUpdateTaskMachineUA.job
- c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [2014-12-26 16:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIRTU"="c:\program files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe" [2011-06-19 2764384]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://search.yahoo.com/?type=5234...
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Barbara's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\lq0meogr.Test Profile\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{520C1D80-935C-42B9-9340-E883849D804F}_is1 - m:\drivertuner\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-2V5G-WFTG-31SR-TMC7-CZKW-PQXFGYD"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\AOL\DataMask by AOL\ep.exe
c:\program files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-01-12 19:05:41 - machine was rebooted
ComboFix-quarantined-files.txt 2015-01-13 00:05
.
Pre-Run: 229,627,424,768 bytes free
Post-Run: 229,913,874,432 bytes free
.
- - End Of File - - FDF4C674A95C048122311EC52ADE98E9


#15
January 12, 2015 at 16:11:03
My "green phantom" still appears.


#16
January 12, 2015 at 16:16:42
Thanks for keeping me updated.

Update & Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.
If you misplace your log, here are ways to find it.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
http://i.imgur.com/ZZ1trsv.gif
http://i.imgur.com/LL0K3qs.gif
Or,
(Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
http://i.imgur.com/LNl3Sgw.gif
http://i.imgur.com/xGJgawB.gif




#17
January 12, 2015 at 16:32:40
Hopefully it will be I thanking you for all the time you are spending trying to help me.


#18
January 12, 2015 at 16:47:06
Here's the latest:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/12/2015
Scan Time: 7:34:15 PM
Logfile: puterplayscanlogmalwarebytes.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.12.09
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Barbara's Toy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368961
Time Elapsed: 5 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-1730353599-251158386-4243113671-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, Quarantined, [8f091dd7d0b989ad418c505be122b44c],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-1730353599-251158386-4243113671-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.yahoo.com/?type=5234... Good: (www.google.com), Bad: (https://search.yahoo.com/?type=523482&fr=spigot-yhp-ie),Replaced,[5642926277128bab02eb2f57c63fef11]

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.JumpyApps.A, C:\Users\Barbara's Toy\Desktop\TPT\ZipExtractorSetup.exe, Quarantined, [dfb94aaa6d1ca591582e69d5986d6898],
PUP.Optional.Spigot.A, C:\Users\Barbara's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\lq0meogr.Test Profile\searchplugins\yahoo_ff.xml, Quarantined, [a1f7b53f1b6e7db9c6dc8edde51e6997],
PUP.Optional.Spigot.A, C:\Users\Barbara's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\x14pmxzt.default\searchplugins\yahoo_ff.xml, Quarantined, [9800866e0188270f435fb5b60ff46a96],
PUP.Optional.Spigot.A, C:\Users\Barbara's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\x14pmxzt.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "https://search.yahoo.com/?type=523482&fr=spigot-yhp-ff");), Replaced,[64346292d8b1f2443ff825a69174aa56]

Physical Sectors: 0
(No malicious items detected)


(end)



#19
January 12, 2015 at 16:49:03
I'm here, where are you please.
http://www.timeanddate.com/worldclo...

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#20
January 12, 2015 at 16:49:26
I thought it was interesting that though I quarantined all ...two were listed as replaced.
Phantom still winning.


#21
January 12, 2015 at 16:54:43
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Barbara's Toy (administrator) on BARBARASTOY-PC on 12-01-2015 19:52:44
Running from C:\Users\Barbara's Toy\Desktop
Loaded Profile: Barbara's Toy (Available profiles: Barbara's Toy)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topi...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(AOL) C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(AOL) C:\Program Files (x86)\AOL\DataMask by AOL\ep.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
() C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe



#22
January 12, 2015 at 16:56:14
"Phantom still winning"

Stubborn little critter.



#23
January 12, 2015 at 17:04:00
http://www27.zippyshare.com/v/4Q2zG...


#24
January 12, 2015 at 17:05:30
Maybe stubborn but my coach will not let that critter win!


#25
January 12, 2015 at 17:08:09
http://www.timeanddate.com/worldclo...


#26
January 12, 2015 at 17:08:27
FRST log needs to be uploaded, post #21 incomplete.


#27
January 12, 2015 at 17:22:30
Post #23 contains Zip File with additional text


#28
January 12, 2015 at 17:25:32
If need be can redo tomorrow. Just let me know ...and once again thank you for your time.


#29
January 12, 2015 at 17:26:48
Yep I got that, but as per my original post, there are 2 logs, the one I now want is > FRST log


#30
January 12, 2015 at 18:13:45
"If need be can redo tomorrow. Just let me know .."

Run Farbar again please, follow this SS & upload the 2 new logs.
http://i.imgur.com/i3fg3Pf.gif



#31
January 15, 2015 at 16:05:09
Just able to return...here are the uploads

http://www71.zippyshare.com/v/pyEhU...
http://www71.zippyshare.com/v/z5KUR...

Seriously getting ready to reformat and reinstall but I have SOOOO much I hate the thought of preparing and reinstalling



#32
January 15, 2015 at 16:17:58
It will take me quite a while to go through the Farbar logs; whilst doing so, do these please. We are getting close to the finish line.

Delete files using Disk Cleanup
http://windows.microsoft.com/en-au/...

Please Copy and Paste ALL instructions into a text file & print them. If a printer is not available, write them down. Tick or cross off each step as you do it.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#33
January 15, 2015 at 16:23:30
Just so you are aware, I disconnected two of my hard drives the other day. Also decided to try... and installed Kaspersky instead of McAfee.

Report •

#34
January 15, 2015 at 16:32:43
Thanks.

I use MS's AV ( Anti-Virus ) & firewall.



#35
January 15, 2015 at 16:38:48
I'm a bit confused....Do I need to create a separate ESET sysRescue CD or usb drive even if my computer is bootable and can make the download?


#36
January 15, 2015 at 16:55:25
".Do I need to create a separate ESET sysRescue CD or usb drive"
No, that is there, just in case.


#37
January 15, 2015 at 19:57:09
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload\34344.crx.vir JS/Toolbar.Crossrider.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload\weDownload-buttonutil64.dll.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application deleted - quarantined
C:\Users\Barbara's Toy\AppData\Local\Chromium\User Data\Default\Cache\f_000c6a HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Barbara's Toy\AppData\Local\Downloaded Installations\{AB81C6D4-8F6A-4283-86F3-402DE3E63A21}\Mobile Mouse Server.msi a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\Users\Barbara's Toy\AppData\Local\Mozilla\Firefox\Profiles\lq0meogr.Test Profile\cache2\entries\DE991EB6543C08C5D6C4327569FC6C95528C7F50 HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Barbara's Toy\Desktop\cbsidlm-cbsi134-Free_PDF_To_Powerpoint_Converter-SEO-75938553.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\Barbara's Toy\Documents\OffercastInstaller_AVR_U-0090-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\Barbara's Toy\Documents\Extracted Files\SopCast\Setup-SopCast-3.4.8-2012-1-1.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\Barbara's Toy\Documents\Extracted Files\SopCast-3.4.8\Setup-SopCast-3.4.8-2012-1-1.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\Barbara's Toy\Downloads\80211gbwlanusb20adapter-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Barbara's Toy\Downloads\cpu-z_1.57-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\Barbara's Toy\Downloads\Firefox_Setup.exe Win32/InstallCore.EL potentially unwanted application deleted - quarantined
C:\Users\Barbara's Toy\Downloads\iLividSetupV1.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application deleted - quarantined
C:\Users\Barbara's Toy\Downloads\OffercastInstaller_AVR_U-0090-01-NewYearsSilhouette-0809-01-en_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\Barbara's Toy\Downloads\U_0087_01_PlateauLines_0805_01_en.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Windows\Installer\3531dd.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
F:\reading 2013-2014\VLC-Media-Player.exe a variant of Win32/DownloadAssistant.A potentially unwanted application deleted - quarantined
F:\TPT\ZipExtractorSetup.exe Win32/InstallCore.FY potentially unwanted application deleted - quarantined


#38
January 15, 2015 at 19:57:32
green phantom still there


#39
January 15, 2015 at 20:11:33
Thanks.

Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
Task: {0C92291D-B674-4CD0-9E92-DEC33F38B36A} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Task: {0C92291D-B674-4CD0-9E92-DEC33F38B36A} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version: - Bitberry Software) <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1730353599-251158386-4243113671-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1730353599-251158386-4243113671-1000 -> DefaultScope {C1A48860-84F3-4EAB-9163-0F0A9C7E2AD0} URL = https://search.yahoo.com/search?fr=...
SearchScopes: HKU\S-1-5-21-1730353599-251158386-4243113671-1000 -> {A4A60291-C5DD-4bdb-89A4-FF6AB93FA814} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730353599-251158386-4243113671-1000 -> {C1A48860-84F3-4EAB-9163-0F0A9C7E2AD0} URL = https://search.yahoo.com/search?fr=...
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-1730353599-251158386-4243113671-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Homepage: hxxp://www.aol.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> E:\Program Files (x86)\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-1730353599-251158386-4243113671-1000: @nds.com/PCShowPlugin -> C:\Users\Barbara's Toy\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKU\S-1-5-21-1730353599-251158386-4243113671-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\BARBAR~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=523482&fr=yo-yhp-ch",
"hxxp://search.conduit.com/?ctid=CT3324316&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8503FB62-2F77-4B2F-81BC-02D9A75DFC04&SSPV="
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PBProcessMonitor264; \??\E:\Program Files (x86)\PBProcessMonitor264.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
534 C:\Users\Barbara's Toy\AppData\Local\Temp\dllnt_dump.dll

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

message edited by Johnw



#40
January 16, 2015 at 14:58:28
phantom still exists :(

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by Barbara's Toy at 2015-01-16 17:45:13 Run:1
Running from C:\Users\Barbara's Toy\Desktop\computer fix FRST and Notepad file
Loaded Profiles: Barbara's Toy (Available profiles: Barbara's Toy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
Task: {0C92291D-B674-4CD0-9E92-DEC33F38B36A} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Task: {0C92291D-B674-4CD0-9E92-DEC33F38B36A} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version: - Bitberry Software) <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1730353599-251158386-4243113671-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1730353599-251158386-4243113671-1000 -> DefaultScope {C1A48860-84F3-4EAB-9163-0F0A9C7E2AD0} URL = https://search.yahoo.com/search?fr=...
SearchScopes: HKU\S-1-5-21-1730353599-251158386-4243113671-1000 -> {A4A60291-C5DD-4bdb-89A4-FF6AB93FA814} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730353599-251158386-4243113671-1000 -> {C1A48860-84F3-4EAB-9163-0F0A9C7E2AD0} URL = https://search.yahoo.com/search?fr=...
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-1730353599-251158386-4243113671-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Homepage: hxxp://www.aol.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> E:\Program Files (x86)\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-1730353599-251158386-4243113671-1000: @nds.com/PCShowPlugin -> C:\Users\Barbara's Toy\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKU\S-1-5-21-1730353599-251158386-4243113671-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\BARBAR~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=523482&fr=yo-yhp-ch",
"hxxp://search.conduit.com/?ctid=CT3324316&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8503FB62-2F77-4B2F-81BC-02D9A75DFC04&SSPV="
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PBProcessMonitor264; \??\E:\Program Files (x86)\PBProcessMonitor264.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
534 C:\Users\Barbara's Toy\AppData\Local\Temp\dllnt_dump.dll
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C92291D-B674-4CD0-9E92-DEC33F38B36A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C92291D-B674-4CD0-9E92-DEC33F38B36A}" => Key deleted successfully.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker" => Key deleted successfully.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C92291D-B674-4CD0-9E92-DEC33F38B36A} => Key not found.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker => Key not found.
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version: - Bitberry Software) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1730353599-251158386-4243113671-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1730353599-251158386-4243113671-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1730353599-251158386-4243113671-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4A60291-C5DD-4bdb-89A4-FF6AB93FA814}" => Key deleted successfully.
HKCR\CLSID\{A4A60291-C5DD-4bdb-89A4-FF6AB93FA814} => Key not found.
"HKU\S-1-5-21-1730353599-251158386-4243113671-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1A48860-84F3-4EAB-9163-0F0A9C7E2AD0}" => Key deleted successfully.
HKCR\CLSID\{C1A48860-84F3-4EAB-9163-0F0A9C7E2AD0} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKU\S-1-5-21-1730353599-251158386-4243113671-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
Firefox homepage deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-1730353599-251158386-4243113671-1000\Software\MozillaPlugins\@nds.com/PCShowPlugin" => Key deleted successfully.
C:\Users\Barbara's Toy\AppData\Local\DIRECTV Player\npPCShowPlugin.dll not found.
"HKU\S-1-5-21-1730353599-251158386-4243113671-1000\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
C:\Users\BARBAR~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL not found.
Chrome StartupUrls not detected.
"hxxp://search.conduit.com/?ctid=CT3324316&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8503FB62-2F77-4B2F-81BC-02D9A75DFC04&SSPV=" => Error: No automatic fix found for this entry.
BT => Service deleted successfully.
Btcsrusb => Service deleted successfully.
catchme => Service deleted successfully.
PBProcessMonitor264 => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VComm => Service deleted successfully.
VcommMgr => Service deleted successfully.
VGPU => Service deleted successfully.
534 C:\Users\Barbara's Toy\AppData\Local\Temp\dllnt_dump.dll => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 1.3 GB temporary data.


The system needed a reboot.


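Added example, not part of the original posts and not FRST's own code: a small triage script for a Fixlog.txt like the one pasted in reply #40, which skips the echoed fixlist between the two asterisk rows and sorts each result line into fixed, absent (already gone) or unfixed. The function names are hypothetical and the outcome wording is taken only from lines visible in this log; the sample is an excerpt of that log.

```python
import re
from collections import Counter

# Excerpt of the Fixlog.txt pasted in reply #40 (shortened; values are from that post).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01

Content of fixlist:
*****************
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
*****************

Processes closed successfully.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker not found.
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version: - Bitberry Software) <==== ATTENTION => Error: No automatic fix found for this entry.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
Chrome StartupUrls not detected.
"hxxp://search.conduit.com/?ctid=CT3324316&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8503FB62-2F77-4B2F-81BC-02D9A75DFC04&SSPV=" => Error: No automatic fix found for this entry.
catchme => Service deleted successfully.
534 C:\Users\Barbara's Toy\AppData\Local\Temp\dllnt_dump.dll => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 1.3 GB temporary data.

The system needed a reboot.
'''

# Checked in order; wording is assumed from the lines seen in this one log.
RULES = [
    ("unfixed", re.compile(r"Error: No automatic fix found", re.I)),
    ("absent", re.compile(r"\bnot (found|detected)\.?$", re.I)),
    ("fixed", re.compile(r"successfully\.?$|^Removed\b", re.I)),
]

def parse_fixlog(text):
    """Return (target, outcome) pairs for the result section of a Fixlog."""
    results, fences = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if set(line) == {"*"}:      # rows of asterisks delimit the echoed fixlist
            fences += 1
            continue
        if fences < 2 or not line:  # header and fixlist echo are not results
            continue
        # The verdict follows the last " => "; some lines carry no separator.
        target, sep, verdict = line.rpartition(" => ")
        if not sep:
            target, verdict = line, line
        outcome = next((n for n, rx in RULES if rx.search(verdict)), "other")
        results.append((target, outcome))
    return results

def summarize(text):
    """Count result lines per outcome."""
    return Counter(outcome for _, outcome in parse_fixlog(text))

def unresolved(text):
    """Entries the tool reported it could not fix; these need manual follow-up."""
    return [target for target, outcome in parse_fixlog(text) if outcome == "unfixed"]

if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG), *unresolved(SAMPLE_FIXLOG), sep="\n")
```
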

#41
January 16, 2015 at 15:05:09
Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#42
January 17, 2015 at 14:39:15
JohnW,
Thank you for trying to rid the "Green Phantom." However, last night my computer was starting to have some major issues. Crashing was definitely a concern. I felt it was time to "bite the bullet."
I am now up and running on a CLEAN computer void of garbage and bloat.
Of course I have much to do, but believe it is worth the time.
Again, thank you for having taken the time to try to help me.


#43
January 17, 2015 at 14:54:00
Very good news Puterplay, if you get any more problems & have to format again.

Make sure when you reinstall, you delete ALL partitions & format to NTFS.

W7 - Click on > Drive options (advanced) Then highlight each partition & hit > Delete.
http://www.blackviper.com/os-instal...
http://www.blackviper.com/os-instal...

Here are some examples of why you delete all partitions.
http://forums.spybot.info/showthrea...
http://forums.whatthetech.com/index...
http://blog.eset.com/2011/10/18/tdl...



#44
January 17, 2015 at 14:54:42
✔ Best Answer
Here is how you got into this mess.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...
I use Softpedia & FreewareFiles.com, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third-party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

Install Adblock Plus to your browsers.

A web page for whatever browser you did the Adblock Plus install will open after the install. Follow these SS ( screenshots )
http://i.imgur.com/pW20i0u.gif
http://i.imgur.com/pRIayVe.gif

Adblock Plus for Internet Explorer
http://www.iegallery.com/Search?q=a...
https://adblockplus.org/blog/workin...
http://adblockplus.org/
Installing
http://i.imgur.com/U9grvpT.gif
http://i.imgur.com/0Myhnkl.gif
http://i.imgur.com/I0gWFuM.gif
Features
https://adblockplus.org/en/features
A web page for whatever browser you did the Adblock Plus install will open after the install. Follow these SS ( screenshots )
http://i.imgur.com/pW20i0u.gif
http://i.imgur.com/pRIayVe.gif

Adblock Plus for Firefox
https://adblockplus.org/en/firefox
https://addons.mozilla.org/en-US/fi...
https://addons.mozilla.org/en-US/fi...
Features
https://adblockplus.org/en/features
A web page for whatever browser you did the Adblock Plus install will open after the install. Follow these SS ( screenshots )
http://i.imgur.com/pW20i0u.gif
http://i.imgur.com/pRIayVe.gif

message edited by Johnw



#45
January 17, 2015 at 15:51:08
Before all is loaded going back to install and format NTFS. That's what was on originally but didn't realize having that small partition could cause problems easier. Before I do though, my drive is an SSD. Is formatting it again going to cause a problem? I know they are sensitive.


#46
January 17, 2015 at 16:44:47
I have only been aware that you don't defrag an SSD.

I got mine about 3 years ago & did nothing special, it aligned itself perfectly.

Here is a little more info, you may like to google on your specific model.

12 Things You Must Do When Running a Solid State Drive in Windows 7
http://www.maketecheasier.com/12-th...

Checking SSD Partition Alignment
http://whirlpool.net.au/wiki/checki...

