Tech Problem Aggregator

I am infected by safe search finder please help me.

Q: I am infected by safe search finder please help me.

Hi i made a topic earlier but it was my first topic and a mod helped me get on track, i followed a step that the mod told me from the preperation guide, i'd like to point out that my firewall is alays active and i made no backups of songs games etc because i literally have nothing to lose on my computer of any significant importance i just want this virus gone. basically i have a browser highjacker and i downloaded this program that you all mentioned on a post that we should download to make a log of what it scans called farbar recovery tool. i'll post now the text report it gave me but im not sure it's what you all expect of me to post so if i posted the wrong text please let me know, if this is the correct i hope it contains any valuable information. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016Ran by Miguel (administrator) on MIGUEL-TOSH (02-02-2016 23:36:57)Running from C:\Users\Miguel\DownloadsLoaded Profiles: Miguel &  (Available Profiles: Miguel)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Português (Portugal)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe() C:\ProgramData\Airtostrong\Airtostrong.exe() C:\ProgramData\Airtostrong\Airtostrong.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [] => [X]Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)HKU\S-1-5-21-554141276-1332439800-3159707109-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)HKU\S-1-5-21-554141276-1332439800-3159707109-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)HKU\S-1-5-21-554141276-1332439800-3159707109-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)HKU\S-1-5-21-554141276-1332439800-3159707109-1001\...\Policies\Explorer: [] HKU\S-1-5-21-554141276-1332439800-3159707109-1001\...\MountPoints2: F - F:\setup.exeHKU\S-1-5-21-554141276-1332439800-3159707109-1001\...\MountPoints2: {2ef082c7-1aba-11e3-b26d-0026223d858f} - F:\Autorun.exeHKU\S-1-5-21-554141276-1332439800-3159707109-1001\...\MountPoints2: {c6d2cd2d-0ff7-11e4-9d37-0026223d858f} - G:\Install.exeHKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [] HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\setup.exeHKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2ef082c7-1aba-11e3-b26d-0026223d858f} - F:\Autorun.exeHKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c6d2cd2d-0ff7-11e4-9d37-0026223d858f} - G:\Install.exeHKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)AppInit_DLLs: C:\ProgramData\Airtostrong\MoveTamsoft.dll => C:\ProgramData\Airtostrong\MoveTamsoft.dll [805376 2016-02-02] ()AppInit_DLLs-x32: C:\ProgramData\Airtostrong\Plustam.dll => C:\ProgramData\Airtostrong\Plustam.dll [257536 2016-02-02] ()ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-16]ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-16]ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)BootExecute: autocheck autochk * SmartDefragBootTime.exeCHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254Tcpip\..\Interfaces\{D7C8C74C-9C5A-4A0B-97B8-D0EA55AAF98B}: [DhcpNameServer] 192.168.1.254 192.168.1.254 Internet Explorer:==================HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.comHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.comHKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.comHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.comHKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.comHKU\S-1-5-21-554141276-1332439800-3159707109-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3u5zNCh3rhgU9tFtbtuGPFnKznOVWLy75Ol9WmMaQaM6p-pnfbiQwpVmruZlyIju9KM-8_xiAfW0Ni-6jx-I07KF0H_DFIbVT-Ul4_gns_LsWJl8hqhmrlznN6nTg0s02SwW33B2tLyabGq8VsizDHoxdUnvFF6vcHkRVDiIAIM,&q={searchTerms}HKU\S-1-5-21-554141276-1332439800-3159707109-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3u5zNCh3rhgU9tFtbtuGPFnKznOVWLy75Ol9WmMaQaM6p-pnfbiQwpVmruZlyIju9KM-8_xiAfW0Ni-6jx-I07KF0H_DFIbVT-Ul4_gns_LsWJl8hqhmrlznN6nTg0s02SwW33B2tLyabGq8VsizDHoxdUnvFF6vcHkRVDiIAIM,&q={searchTerms}HKU\S-1-5-21-554141276-1332439800-3159707109-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3u5zNCh3rhgU9tFtbtuGPFnKznOVWLy75Ol9WmMaQaM6p-pnfbiQwpVmruZlyIju9KM-8_xiAfW0Ni-6jx-I07KF0H_DFIbVT-Ul4_gns_LsWJl8hqhmrlznN6nTg0s02SwW33B2tLyabGq8VsizDHoxdUnvFF6vcHkRVDiIAIM,&q={searchTerms}HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3u5zNCh3rhgU9tFtbtuGPFnKznOVWLy75Ol9WmMaQaM6p-pnfbiQwpVmruZlyIju9KM-8_xiAfW0Ni-6jx-I07KF0H_DFIbVT-Ul4_gns_LsWJl8hqhmrlznN6nTg0s02SwW33B2tLyabGq8VsizDHoxdUnvFF6vcHkRVDiIAIM,&q={searchTerms}HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3u5zNCh3rhgU9tFtbtuGPFnKznOVWLy75Ol9WmMaQaM6p-pnfbiQwpVmruZlyIju9KM-8_xiAfW0Ni-6jx-I07KF0H_DFIbVT-Ul4_gns_LsWJl8hqhmrlznN6nTg0s02SwW33B2tLyabGq8VsizDHoxdUnvFF6vcHkRVDiIAIM,&q={searchTerms}HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3u5zNCh3rhgU9tFtbtuGPFnKznOVWLy75Ol9WmMaQaM6p-pnfbiQwpVmruZlyIju9KM-8_xiAfW0Ni-6jx-I07KF0H_DFIbVT-Ul4_gns_LsWJl8hqhmrlznN6nTg0s02SwW33B2tLyabGq8VsizDHoxdUnvFF6vcHkRVDiIAIM,&q={searchTerms}SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3u5zNCh3rhgU9tFtbtuGPFnKznOVWLy75Ol9WmMaQaM6p-pnfbiQwpVmruZlyIju9KM-8_xiAfW0Ni-6jx-I07KF0H_DFIbVT-Ul4_gns_LsWJl8hqhmrlznN6nTg0s02SwW33B2tLyabGq8VsizDHoxdUnvFF6vcHkRVDiIAIM,&q={searchTerms}SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-554141276-1332439800-3159707109-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-554141276-1332439800-3159707109-1001 -> OldSearch URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-554141276-1332439800-3159707109-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-554141276-1332439800-3159707109-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3u5zNCh3rhgU9tFtbtuGPFnKznOVWLy75Ol9WmMaQaM6p-pnfbiQwpVmruZlyIju9KM-8_xiAfW0Ni-6jx-I07KF0H_DFIbVT-Ul4_gns_LsWJl8hqhmrlznN6nTg0s02SwW33B2tLyabGq8VsizDHoxdUnvFF6vcHkRVDiIAIM,&q={searchTerms}SearchScopes: HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> OldSearch URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3u5zNCh3rhgU9tFtbtuGPFnKznOVWLy75Ol9WmMaQaM6p-pnfbiQwpVmruZlyIju9KM-8_xiAfW0Ni-6jx-I07KF0H_DFIbVT-Ul4_gns_LsWJl8hqhmrlznN6nTg0s02SwW33B2tLyabGq8VsizDHoxdUnvFF6vcHkRVDiIAIM,&q={searchTerms}BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)Toolbar: HKU\S-1-5-21-554141276-1332439800-3159707109-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No FileToolbar: HKU\S-1-5-21-554141276-1332439800-3159707109-1001 -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No FileToolbar: HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No FileToolbar: HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)StartMenuInternet: IEXPLORE.EXE -  FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-24] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-24] (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]FF Plugin-x32: @spoon.net/Spoon Plugin 3.33 -> C:\Program Files (x86)\Spoon\3.33.539.0\npMozillaSpoonPlugin.dll [No File]FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll [2013-01-11] (Vizzed.com)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-554141276-1332439800-3159707109-1001: @spoon.net/Spoon Plugin 3.33 -> C:\Users\Miguel\AppData\Local\Spoon\3.33.539.0\npMozillaSpoonPlugin.dll [No File]FF Plugin HKU\S-1-5-21-554141276-1332439800-3159707109-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @spoon.net/Spoon Plugin 3.33 -> C:\Users\Miguel\AppData\Local\Spoon\3.33.539.0\npMozillaSpoonPlugin.dll [No File] Chrome: =======CHR HomePage: Profile 1 -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3u5zNCh3rhgU9tFtbtuGPFnKznOVWLy75Ol9WmMaQaM6p-pnfbiQwpVmruZlyIju9KM-8_xiAfW0Ni-hQwFY_iYc2rPB1eYKIDstWiG4bi1RgZVL5HlSiu-arj4UX2h4lq_N-0Q-bk1vrkc1A6UlhptRp7xCc0gjsbRuuuJ2z1Q,CHR StartupUrls: Profile 1 -> "hxxp://google.com/"CHR DefaultSearchURL: Profile 1 -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3u5zNCh3rhgU9tFtbtuGPFnKznOVWLy75Ol9WmMaQaM6p-pnfbiQwpVmruZlyIju9KM-8_xiAfW0Ni-tkWp9VKCpnT77pdNWByJbqYUNfDRWG6DHndok1_Hz4MDrKz1TSvR_tikpYxHF53rfvmKmx_6qRbH-mUgBmHdUwpGxMIo,&q={searchTerms}CHR DefaultSearchKeyword: Profile 1 -> feed.sonic-search.comCHR DefaultSuggestURL: Profile 1 -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}CHR Profile: C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Mapa do céu) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\acnecepeneiomaebkkagcfbbakcfljdc [2016-01-16]CHR Extension: (BetterTTV) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-01-16]CHR Extension: (Google Drive) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]CHR Extension: (TV) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2016-01-16]CHR Extension: (YouTube) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-16]CHR Extension: (Adblock Plus) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-16]CHR Extension: (Google Search) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-16]CHR Extension: (FrankerFaceZ) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2016-01-16]CHR Extension: (Word Online) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2016-01-16]CHR Extension: (AdBlock) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-28]CHR Extension: (Weather Now) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmiebhdnnejnaijgmkhomnheecmonjli [2016-01-16]CHR Extension: (Twitch Live) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcjibojeokeogfofjgaajlobobagbeg [2016-01-16]CHR Extension: (ReChat for Twitch™) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2016-01-17]CHR Extension: (Kappa Everywhere - Global Twitch Emotes) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jafkphjeboadjffjfcigcdfdilpcacod [2016-01-22]CHR Extension: (Atlas mundial de dados) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\knlgfedckdhkgjinnhogmhkbcjpmmhko [2016-01-16]CHR Extension: (Skype) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-16]CHR Extension: (Dailymotion unblur) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfhplhalkibbfonminkkbfnhcpbibga [2016-01-16]CHR Extension: (Twitch Now) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2016-02-02]CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-16]CHR Extension: (100,000 Stars) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\odkpogjemoijmdgemngpdohpcclgegjg [2016-01-16]CHR Extension: (Send from Gmail (by Google)) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2016-01-16]CHR Extension: (Gmail) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-16]CHR Profile: C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1CHR Extension: (Mapa do céu) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\acnecepeneiomaebkkagcfbbakcfljdc [2016-02-02]CHR Extension: (BetterTTV) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-02-02]CHR Extension: (Google Drive) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02]CHR Extension: (TV) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\beobeededemalmllhkmnkinmfembdimh [2016-02-02]CHR Extension: (YouTube) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02]CHR Extension: (Adblock Plus) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-02]CHR Extension: (Google Search) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]CHR Extension: (FrankerFaceZ) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2016-02-02]CHR Extension: (Word Online) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2016-02-02]CHR Extension: (AdBlock) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-02]CHR Extension: (Weather Now) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmiebhdnnejnaijgmkhomnheecmonjli [2016-02-02]CHR Extension: (Twitch Live) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imcjibojeokeogfofjgaajlobobagbeg [2016-02-02]CHR Extension: (Kappa Everywhere - Global Twitch Emotes) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jafkphjeboadjffjfcigcdfdilpcacod [2016-02-02]CHR Extension: (My Browser Page) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2016-02-02]CHR Extension: (Atlas mundial de dados) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knlgfedckdhkgjinnhogmhkbcjpmmhko [2016-02-02]CHR Extension: (Skype) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-02]CHR Extension: (Dailymotion unblur) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdfhplhalkibbfonminkkbfnhcpbibga [2016-02-02]CHR Extension: (Twitch Now) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2016-02-02]CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-02]CHR Extension: (100,000 Stars) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\odkpogjemoijmdgemngpdohpcclgegjg [2016-02-02]CHR Extension: (Send from Gmail (by Google)) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2016-02-02]CHR Extension: (Gmail) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-02]CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [530944 2016-02-02] () [File not signed]R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)S4 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2008-03-26] (DemoForge, LLC)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-17] (Disc Soft Ltd)S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-02] (Malwarebytes)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)S3 SDGame; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [38664 2013-03-07] (Spotflux, Inc)S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) [File not signed]S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\PlayClaw4\WinRing0x64.sys [X]S3 X6va006; \??\C:\Users\Miguel\AppData\Local\Temp\00664B5.tmp [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)  ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-02 23:36 - 2016-02-02 23:38 - 00030083 _____ C:\Users\Miguel\Downloads\FRST.txt2016-02-02 23:36 - 2016-02-02 23:36 - 00000000 ____D C:\FRST2016-02-02 23:35 - 2016-02-02 23:36 - 02370560 _____ (Farbar) C:\Users\Miguel\Downloads\FRST64.exe2016-02-02 19:57 - 2016-02-02 19:57 - 03255653 _____ () C:\Program Files\Common Files\lt3nyslc.exe2016-02-02 19:57 - 2016-02-02 19:57 - 00002393 _____ C:\Windows\SysWOW64\findit.xml2016-02-02 19:57 - 2016-02-02 19:57 - 00000000 ____D C:\ProgramData\Airtostrongs2016-02-02 12:58 - 2016-02-02 13:11 - 00002218 _____ C:\Users\Miguel\Desktop\Gangsta - Chrome.lnk2016-01-30 23:18 - 2016-01-31 03:47 - 00000094 _____ C:\Users\Miguel\Documents\skyrim missing enchantments.txt2016-01-29 12:34 - 2016-02-02 19:57 - 00002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2016-01-29 12:34 - 2016-02-02 19:57 - 00002230 _____ C:\Users\Public\Desktop\Google Chrome.lnk2016-01-23 23:20 - 2016-01-23 23:20 - 00000000 ____D C:\Users\Miguel\AppData\Roaming\Thumbnail me2016-01-23 23:20 - 2016-01-23 23:20 - 00000000 ____D C:\Users\Miguel\AppData\Local\Thumbnail me2016-01-21 00:07 - 2016-01-21 00:07 - 01048576 _____ C:\Users\Miguel\Desktop\Red251.gbc2016-01-20 19:57 - 2016-01-20 19:57 - 03712763 _____ () C:\Program Files\Common Files\5auruufb.exe2016-01-19 19:57 - 2016-01-19 19:57 - 03712861 _____ () C:\Program Files\Common Files\wqunjb0n.exe2016-01-17 00:40 - 2016-01-18 04:00 - 00000483 _____ C:\Users\Miguel\Documents\skyrim female altmer.txt2016-01-16 19:57 - 2016-02-02 19:57 - 00000000 ____D C:\ProgramData\Airtostrong2016-01-16 19:54 - 2016-01-16 19:54 - 00003388 _____ C:\Windows\System32\Tasks\w3mjvdoh2016-01-16 19:54 - 2016-01-16 19:54 - 00000000 ____D C:\Program Files\Common Files\cbdgv10z2016-01-16 19:00 - 2016-01-16 19:00 - 00003566 _____ C:\Windows\System32\Tasks\{C4E7A09C-04FC-4722-830D-BC27605F42B3}2016-01-16 18:54 - 2016-01-16 18:54 - 00041472 _____ C:\Users\Miguel\AppData\Local\jaytechno.dat2016-01-16 18:54 - 2016-01-16 18:54 - 00000187 _____ C:\Users\Miguel\AppData\Local\jaytechno.exe.config2016-01-13 22:32 - 2016-01-13 22:32 - 16777216 _____ C:\Users\Miguel\Desktop\pokemon extreme randomized.gba2016-01-13 12:28 - 2015-12-11 18:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2016-01-13 12:28 - 2015-12-08 21:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll2016-01-13 12:28 - 2015-12-08 19:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll2016-01-13 12:28 - 2015-11-16 20:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2016-01-13 12:28 - 2015-11-13 23:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll2016-01-13 12:28 - 2015-11-13 23:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll2016-01-13 12:28 - 2015-11-13 23:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe2016-01-13 12:28 - 2015-11-13 22:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll2016-01-13 12:28 - 2015-11-13 22:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll2016-01-13 12:28 - 2015-11-13 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe2016-01-13 12:27 - 2015-12-23 23:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2016-01-13 12:27 - 2015-12-23 22:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2016-01-13 12:27 - 2015-12-12 18:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2016-01-13 12:27 - 2015-12-12 18:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2016-01-13 12:27 - 2015-12-12 18:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2016-01-13 12:27 - 2015-12-12 18:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2016-01-13 12:27 - 2015-12-12 18:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2016-01-13 12:27 - 2015-12-12 18:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2016-01-13 12:27 - 2015-12-12 18:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2016-01-13 12:27 - 2015-12-12 18:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2016-01-13 12:27 - 2015-12-12 18:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2016-01-13 12:27 - 2015-12-12 18:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2016-01-13 12:27 - 2015-12-12 18:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2016-01-13 12:27 - 2015-12-12 18:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2016-01-13 12:27 - 2015-12-12 18:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2016-01-13 12:27 - 2015-12-12 18:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2016-01-13 12:27 - 2015-12-12 18:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2016-01-13 12:27 - 2015-12-12 18:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2016-01-13 12:27 - 2015-12-12 18:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2016-01-13 12:27 - 2015-12-12 18:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2016-01-13 12:27 - 2015-12-12 17:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2016-01-13 12:27 - 2015-12-12 17:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2016-01-13 12:27 - 2015-12-12 17:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2016-01-13 12:27 - 2015-12-12 17:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2016-01-13 12:27 - 2015-12-12 17:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2016-01-13 12:27 - 2015-12-12 17:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2016-01-13 12:27 - 2015-12-12 17:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2016-01-13 12:27 - 2015-12-12 17:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2016-01-13 12:27 - 2015-12-12 17:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2016-01-13 12:27 - 2015-12-12 17:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2016-01-13 12:27 - 2015-12-12 17:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2016-01-13 12:27 - 2015-12-12 17:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2016-01-13 12:27 - 2015-12-12 17:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2016-01-13 12:27 - 2015-12-12 17:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2016-01-13 12:27 - 2015-12-12 17:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2016-01-13 12:27 - 2015-12-12 17:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2016-01-13 12:27 - 2015-12-12 17:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2016-01-13 12:27 - 2015-12-12 17:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2016-01-13 12:27 - 2015-12-12 17:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2016-01-13 12:27 - 2015-12-12 17:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2016-01-13 12:27 - 2015-12-12 17:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2016-01-13 12:27 - 2015-12-12 17:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2016-01-13 12:27 - 2015-12-12 17:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2016-01-13 12:27 - 2015-12-12 17:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2016-01-13 12:27 - 2015-12-12 17:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2016-01-13 12:27 - 2015-12-12 17:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2016-01-13 12:27 - 2015-12-12 17:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2016-01-13 12:27 - 2015-12-12 17:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2016-01-13 12:27 - 2015-12-12 17:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2016-01-13 12:27 - 2015-12-12 17:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2016-01-13 12:27 - 2015-12-12 17:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2016-01-13 12:27 - 2015-12-12 17:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2016-01-13 12:27 - 2015-12-12 17:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2016-01-13 12:27 - 2015-12-12 17:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2016-01-13 12:27 - 2015-12-12 17:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2016-01-13 12:27 - 2015-12-12 17:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2016-01-13 12:27 - 2015-12-12 17:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2016-01-13 12:27 - 2015-12-12 17:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2016-01-13 12:27 - 2015-12-12 17:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2016-01-13 12:27 - 2015-12-12 16:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2016-01-13 12:27 - 2015-12-12 16:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2016-01-13 12:27 - 2015-12-12 16:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2016-01-13 12:27 - 2015-12-12 16:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2016-01-13 12:27 - 2015-12-12 16:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2016-01-13 12:27 - 2015-12-08 21:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2016-01-13 12:27 - 2015-12-08 21:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2016-01-13 12:27 - 2015-12-08 21:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL2016-01-13 12:27 - 2015-12-08 21:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL2016-01-13 12:27 - 2015-12-08 21:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL2016-01-13 12:27 - 2015-12-08 21:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL2016-01-13 12:27 - 2015-12-08 21:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll2016-01-13 12:27 - 2015-12-08 21:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL2016-01-13 12:27 - 2015-12-08 21:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL2016-01-13 12:27 - 2015-12-08 21:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL2016-01-13 12:27 - 2015-12-08 21:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL2016-01-13 12:27 - 2015-12-08 21:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL2016-01-13 12:27 - 2015-12-08 21:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll2016-01-13 12:27 - 2015-12-08 21:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll2016-01-13 12:27 - 2015-12-08 21:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll2016-01-13 12:27 - 2015-12-08 21:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL2016-01-13 12:27 - 2015-12-08 21:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL2016-01-13 12:27 - 2015-12-08 21:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2016-01-13 12:27 - 2015-12-08 21:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2016-01-13 12:27 - 2015-12-08 21:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll2016-01-13 12:27 - 2015-12-08 21:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL2016-01-13 12:27 - 2015-12-08 21:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll2016-01-13 12:27 - 2015-12-08 21:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL2016-01-13 12:27 - 2015-12-08 21:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL2016-01-13 12:27 - 2015-12-08 21:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL2016-01-13 12:27 - 2015-12-08 21:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll2016-01-13 12:27 - 2015-12-08 21:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax2016-01-13 12:27 - 2015-12-08 21:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL2016-01-13 12:27 - 2015-12-08 21:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll2016-01-13 12:27 - 2015-12-08 21:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL2016-01-13 12:27 - 2015-12-08 21:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll2016-01-13 12:27 - 2015-12-08 21:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll2016-01-13 12:27 - 2015-12-08 21:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe2016-01-13 12:27 - 2015-12-08 21:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe2016-01-13 12:27 - 2015-12-08 21:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll2016-01-13 12:27 - 2015-12-08 21:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll2016-01-13 12:27 - 2015-12-08 19:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2016-01-13 12:27 - 2015-12-08 19:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2016-01-13 12:27 - 2015-12-08 19:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll2016-01-13 12:27 - 2015-12-08 19:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll2016-01-13 12:27 - 2015-12-08 19:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll2016-01-13 12:27 - 2015-12-08 19:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll2016-01-13 12:27 - 2015-12-08 19:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll2016-01-13 12:27 - 2015-12-08 19:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll2016-01-13 12:27 - 2015-12-08 19:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2016-01-13 12:27 - 2015-12-08 19:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll2016-01-13 12:27 - 2015-12-08 19:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll2016-01-13 12:27 - 2015-12-08 19:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2016-01-13 12:27 - 2015-12-08 19:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll2016-01-13 12:27 - 2015-12-08 19:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2016-01-13 12:27 - 2015-12-08 19:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL2016-01-13 12:27 - 2015-12-08 19:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll2016-01-13 12:27 - 2015-12-08 19:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll2016-01-13 12:27 - 2015-12-08 19:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2016-01-13 12:27 - 2015-12-08 19:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll2016-01-13 12:27 - 2015-12-08 19:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax2016-01-13 12:27 - 2015-12-08 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2016-01-13 12:27 - 2015-12-08 19:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2016-01-13 12:27 - 2015-12-08 18:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys2016-01-13 12:27 - 2015-12-08 18:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys2016-01-13 12:27 - 2015-12-08 18:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys2016-01-13 12:27 - 2015-12-08 17:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2016-01-13 12:26 - 2015-12-30 19:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2016-01-13 12:26 - 2015-12-30 19:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2016-01-13 12:26 - 2015-12-30 19:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2016-01-13 12:26 - 2015-12-30 19:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2016-01-13 12:26 - 2015-12-30 19:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2016-01-13 12:26 - 2015-12-30 19:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2016-01-13 12:26 - 2015-12-30 19:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2016-01-13 12:26 - 2015-12-30 19:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2016-01-13 12:26 - 2015-12-30 19:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2016-01-13 12:26 - 2015-12-30 19:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2016-01-13 12:26 - 2015-12-30 19:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2016-01-13 12:26 - 2015-12-30 19:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2016-01-13 12:26 - 2015-12-30 19:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2016-01-13 12:26 - 2015-12-30 19:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2016-01-13 12:26 - 2015-12-30 19:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2016-01-13 12:26 - 2015-12-30 19:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2016-01-13 12:26 - 2015-12-30 19:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2016-01-13 12:26 - 2015-12-30 19:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2016-01-13 12:26 - 2015-12-30 18:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2016-01-13 12:26 - 2015-12-30 18:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2016-01-13 12:26 - 2015-12-30 18:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2016-01-13 12:26 - 2015-12-30 18:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2016-01-13 12:26 - 2015-12-30 18:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2016-01-13 12:26 - 2015-12-30 18:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2016-01-13 12:26 - 2015-12-30 18:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2016-01-13 12:26 - 2015-12-30 18:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2016-01-13 12:26 - 2015-12-30 18:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2016-01-13 12:26 - 2015-12-30 18:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll2016-01-13 12:26 - 2015-12-30 18:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2016-01-13 12:26 - 2015-12-30 18:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2016-01-13 12:26 - 2015-12-30 18:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2016-01-13 12:26 - 2015-12-30 18:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2016-01-13 12:26 - 2015-12-30 18:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2016-01-13 12:26 - 2015-12-30 18:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2016-01-13 12:26 - 2015-12-30 18:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2016-01-13 12:26 - 2015-12-30 18:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2016-01-13 12:26 - 2015-12-30 18:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2016-01-13 12:26 - 2015-12-30 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2016-01-13 12:26 - 2015-12-30 18:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2016-01-13 12:26 - 2015-12-30 18:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2016-01-13 12:26 - 2015-12-30 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2016-01-13 12:26 - 2015-12-30 18:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2016-01-13 12:26 - 2015-12-30 18:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2016-01-13 12:26 - 2015-12-30 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2016-01-13 12:26 - 2015-12-30 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2016-01-13 12:26 - 2015-12-30 18:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2016-01-13 12:26 - 2015-12-30 18:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 17:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2016-01-13 12:26 - 2015-12-30 17:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2016-01-13 12:26 - 2015-12-30 17:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2016-01-13 12:26 - 2015-12-30 17:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2016-01-13 12:26 - 2015-12-30 17:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2016-01-13 12:26 - 2015-12-30 17:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2016-01-13 12:26 - 2015-12-30 17:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2016-01-13 12:26 - 2015-12-30 17:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2016-01-13 12:26 - 2015-12-30 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2016-01-13 12:26 - 2015-12-30 17:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2016-01-13 12:26 - 2015-12-30 17:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2016-01-13 12:26 - 2015-12-30 17:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2016-01-13 12:26 - 2015-12-30 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2016-01-13 12:26 - 2015-12-30 17:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll2016-01-13 12:26 - 2015-12-30 17:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 17:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2016-01-13 12:26 - 2015-12-30 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2016-01-13 12:26 - 2015-12-08 21:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2016-01-13 12:26 - 2015-12-08 19:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-02 23:26 - 2009-11-03 11:47 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C2CFCBE3-0465-44C4-8FBF-27A3BFD198B7}2016-02-02 23:06 - 2015-09-07 22:06 - 00000996 _____ C:\Windows\Tasks\VkYoEGaZpE.job2016-02-02 23:04 - 2010-01-31 21:20 - 00000000 ____D C:\Users\Miguel\AppData\Roaming\Skype2016-02-02 23:00 - 2013-10-26 22:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2016-02-02 22:55 - 2015-10-17 15:44 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2016-02-02 22:55 - 2015-10-17 15:44 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2016-02-02 22:37 - 2015

A: I am infected by safe search finder please help me.

Welcome to Bleeping Computer's Malware Removal Logs area. My name is Sintharius. I will assist you with your problem.Please give me some time to review your logs and I will be back with instructions.Meanwhile please post the Addition.txt log that comes with FRST.txt the first time FRST is ran on your computer.

5 more replies
Answer Match 58.38%

Having torrid time trying to remove this safe finder / feed sonic search from my pc.
It landed yesterday preumsbaly with some free stuff I was downloaoidng for Microsoft FSX.
I have scanned and cleaned with the stuff listed above but then the thing returns when I restart the pc or restart the broewser.
Can't bear the thought of having to use FIREFOX instead.

HELPPPP>

POS. I'm a silver surfer, so be kind.
 

A:Safe Finder / Feed Sonic

Hello,
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

2 more replies
Answer Match 58.38%

March 24, 2016

I have a safe search infiltration taking over my firefox browser. It happened when I downloaded from a free site a gif to mp4 conversion tool. Please assist.
Bless you and Thank you for your assistance.
Anne Terri

email removed
 

A:Assistance in removing Safe Finder

Hello Anne,

Please do not put your email like that online. Spammers just wait to send you fake emails.
Do you have Addition.txt report?
 

1 more replies
Answer Match 57.54%

Hi everyone,

I'm looking for a reliable and safe duplicate file finder utility that maybe identifies " EXACT DUPLICATES " and maybe even color codes them for removal. Something that at least tells you the ones that are safe to remove. I have a Dell Computer, Home Edition, SP2, 120GB HD, 2.8GHz processor, and 1024GB of Ram. I appreciate all your help in advance.
 

A:Looking for safe duplicate file finder utility

Welcome to TSG.

Please only start one thread per problem. You have a reply in your other thread, so I have closed this one.
 

2 more replies
Answer Match 57.54%

Hi everyone,

I'm looking for a reliable and safe duplicate file finder utility that maybe identifies " EXACT DUPLICATES " and maybe even color codes them for removal. Something that at least tells you the ones that are safe to remove. I have a Dell Computer, Home Edition, SP2, 120GB HD, 2.8GHz processor, and 1024GB of Ram. I appreciate all your help in advance.
 

A:Looking for safe duplicate file finder utility

9 more replies
Answer Match 57.12%

I lost my product key. I upgraded to windows 10 last week & I don't like it. Want to go back to windows 7 but having big time problems. After reading others in the same situation, I realize I need to do a clean install. I have my Windows 7 Recovery Disc but not the product key. I know you can find by downloading a Product Key Finder software. My question: Can I download a product key finder software in safe mode? Will I be able to find my product key in safe mode?
 

A:Can I download a product key finder software in safe mode?

7 more replies
Answer Match 56.7%

My computer is infected with a search hijacker. I've tried malwarebytes, trend micro and super-antispyware, but haven't been able to remove it. Now, windows won't even start - it gets hung up after the initial window xp screen, leaving just a blank black screen; i.e. the desktop never comes up. Thanks for the help. Here is the DDS log:DDS (Ver_09-12-01.01) - NTFSx86 NETWORK Run by Joe at 20:43:06.21 on Tue 12/15/2009Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.721 [GMT -5:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\rundll32.exeC:\Documents and Settings\Joe\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0�... Read more

A:Infected with search hijacker; now windows doesn't open except in safe mode

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

13 more replies
Answer Match 55.86%

Sorry ahead of time - I'm not sure what the actual malware is.I cannot reach gmail (or if I can, it is very sporadic) - the page displays with the following error:Not FoundThe requested URL /accounts/ServiceLogin was not found on this server.Apache/2.2.3 (Red Hat) Server at www.google.com Port 443I am also not able to get to google reader - it brings me to google itself, and the header image doesn't load.Search results in google and yahoo do not resolve either, but redirect to another site with ads (such as searchclick8.com/....)Finally, if I try to reboot into safe mode, the system reboots again, so if I continue to go to safe mode, it's just a loop of failure and disappointment.I have downloaded combofix but have not yet run it, and I'm including my DDS and GMER logs in this post. Sorry I couldn't give more information, but I'd be happy to look into anything that could further clarify the issue.Thanks!Sorry! Forgot my DDS.txt log:DDS (Ver_09-12-01.01) - NTFSx86 Run by Matt Kowalski at 20:38:18.28 on Wed 02/17/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.231 [GMT -5:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) Copyright Information 5============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files... Read more

A:Infected with malware - no gmail, search results do not resolve, and safe mode loop

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

17 more replies
Answer Match 52.5%

im trying to find an old friends email address & ive seen lots of people finder web sites.Can anyone suggest a FREE site that can help me find their email address?

More replies
Answer Match 48.3%

i cannot seem to get rid of this bleeping browser virus.  anyone have a tip?  thanks in advance!

A:search snacks, safe search has hijacked my browser

Hello bcsalzerWhich browser is that?Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-cli... Read more

1 more replies
Answer Match 47.04%

I'd like to force google (and other popular search engines) to use strict safe search for parental control reasons via the hosts file, so if anyone knows the correct ip address's/domains i'd appreciate it.

More replies
Answer Match 44.94%

Logfile of random's system information tool 1.06 (written by random/random)Run by Naitik Bhatt at 2009-06-29 14:10:11Microsoft Windows XP Professional Service Pack 2System drive C: has 17 GB (46%) free of 38 GBTotal RAM: 2038 MB (57% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:10:15 PM, on 6/29/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16850)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.ex... Read more

A:Infected with trojan malware, google search redirected (search-tracker.net)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 44.52%

Hi.My problem is each time I open my IE Explorer I get a pop up on my desktop tray that gives varied messages: Examples:SYSTEM ERROR FOUND, SCAN YOUR PC NOW! or WARNING ERROR DETECTED, FIX IT NOW! If I click on this popup on my desktop tray it takes me to www.search-daily.com.Likewise when I try to use Google or MSN or Yahoo search engines, and clck on any link, it redirects me to www.search-daily.com.Prior to posting this message I followed your guidlines. I ran Ad-Aware, SpyBot, Bit Defender, and McAfee Avert Stinger. Everything says my system is clean. However as soon as I opened my IE Browser to come back to this site, I got another pop message on my desktop tray from www.search-daily.com - SYSTEM ERROR FOUND, SCAN YOUR PC NOW! - so I know my system is still infected with search-daily redirect.Here is my hijack log. Thank you in advance for all your help. - LindaLogfile of Trend Micro HijackThis v2.0.2Scan saved at 3:30:02 PM, on 11/10/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:&... Read more

A:Infected With Ie Browser Search Engine Redirect To Search-daily.com

Welcome to the BleepingComputer HijackThis Logs and Analysis forum limelight My name is Richie and i'll be helping you to fix your problems.Download and run Fixwareout from the link below: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exePost the contents of the logfile C:\fixwareout\report.txt in your next reply.Download SDFix.exe and save it to your desktop:http://downloads.andymanchesta.com/RemovalTools/SDFix.exe* Double click on SDFix on your desktop,and install the fix to C:\ Please then reboot your computer into Safe Mode by doing the following:* Restart your computer* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;* Instead of Windows loading as normal, a menu with options should appear;* Select the first option, to run Windows in Safe Mode, then press "Enter".* Choose your usual account.* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.* Type Y to begin the script.* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.* Press any Key and it will restart the PC.* Your system will take longer that normal to restart as the fixtool will be running and removing files.* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.* Finally open the SDFix folder on... Read more

15 more replies
Answer Match 44.1%

Hi,
 
I have my sons computer and he seems to have a few different issues I am seeing delta search and conduit search and tried removing them through control panel add remove but they are still present.  Please advise.
 
Thanks,
 
Justin

A:Infected with delta search and conduit search malware please help

Hello Justin I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

13 more replies
Answer Match 42.84%

I know this topic has been posted many times. Normally, I'm careful when downloading, but somehow Safe Search has been installed and I can't get rid of it! I have scanned my computer with Malware Bytes, but it's still there. My computer is running slow, hanging up and my homepage is always changing to Bing. So, please guide me through the process!!!!

A:SAFE SEARCH HAS TAKEN OVER!!!

First off, see if you can see this "Safe Search" (which I assume is Conduit Safe Search) in the Control Panel under "Uninstall a Program" or something like that. If it is there, go ahead and download IOBit Uninstaller. Then uninstall "Safe Search" and run a Powerful Scan afterwards. After that, disable/remove any browser extensions in your browser related to "Safe Search". 
 
IOBit Uninstaller; http://www.majorgeeks.com/files/details/iobit_uninstaller.html

6 more replies
Answer Match 42%

Hi i have been using AVG free for about 2 years now but over the last 4 weeks i think since the last update  i keep getting the AVG Nation search engine  when i open a new tab in firefox ver 27.0.1 i did what it said on AVG help and support  and uninstalled using control panel  also in control panel is AVG pc tune up but when i try to uninstall i get an error message saying missing file so AVG safe search/Nation is no longer showing in control panel but when i open a new tab after closing and restarting firefox i still get the AVG nation search page  and if i search  the address does not show in the navigation bar  it just says search. so i used the special program AVG says on thier support page to remove  avg nation  but still it is on firfox all that program did was wipe out my chrome browser so i had to reinstall chrome. i searched  looking for an answer  to this problem and found awdcleaner so i used that and it found AVG nation  so i cleaned but still avg naqtion is on firefox but if i go into tools/options on firefox and press HELP a new firfox start page opens and if i open a new tab  on that no avg nation but if i open firefox from the shortcut on my destop/start menu  avg nation is back again HELP PLease

A:Hi i got a problem with AVG safe search

AVG Security Toolbar and AVG Secure Search (created by the makers of AVG Anti-virus) are optional add-ons when installing their anti-virus product if you choose "Customized" install instead of "Express". Since most folks choose an Express install they usually are not aware these options are also being installed as they are pre-checked by default during installation. Some users have also reported that after AVG auto-updates, it will install the toolbar as a browser add-on without input from the user.AVG Security Toolbar and AVG Secure Search are also commonly bundled as an option with other free software users may download and install. Many folks overlook that option since it is pre-checked by default and they unknowingly install it. For example, the toolbar is bundled with PDFCreator.So even if you decline the option to use these add-ons when installing AVG anti-virus, you may still end up finding them on your system some point after an AVG update or by unknowingly downloading and installing another program where they have been bundled. This also explains how those who never used AVG anti-virus also sometimes find AVG Secure Search and the Security Toolbar installed. Be careful what you download and read everything during the installation.* How To Disable AVG Secure Search Provider In Browsers* How to uninstall AVG Secure Search in Firefox, Internet Explorer and Chrome* How To Disable AVG Search From New Tab* How to remove AVG Toolbar, Homepage and Secure Search from your bro... Read more

7 more replies
Answer Match 42%

How do you disable Google "safe search filtering"?
Every time I browse the net, the bloody thing comes up even though I click on it and save the setting!

A:Safe search filtering

Firefox > Tools tab > Add on's > disable or remove
Internet Explorer > Tools > Manage add on's

5 more replies
Answer Match 42%

i just restored my computer back to factory state and downloaded my subscription for norton internet security but now when i search google the little checkmark from norton does not show up to tell me how safe a site is. how do i fix this?
running windows 7

A:norton safe search

Norton Safe Search ? New and Improved AnnouncementNorton Safe Search is completely optional...We originally rolled out Norton Safe Search in March as an update to Norton Internet Security 2009 and Norton 360v3. We quickly learned that users wanted to be given the choice to add the Norton Safe Search feature or not. We took immediate action to respond to these concerns by turning off the feature by default.I cannot find Norton Safe Search in my Web browserThe option to enable Norton Safe Search appears when you first perform a search in your Web browser.Perform a search in your Web browser, and when you get the alert to enable Norton Safe Search, click OK.Q. Can I disable or enable Norton Safe Search?A. Yes. You can disable or enable Norton Safe Search manually via the Norton Toolbar menu. To disable or enable Norton Safe Search, click on the Norton logo on the Norton Toolbar and select disable/enable Norton Safe Search from the drop-down menu.This link includes screenshots of Norton Internet Security settings to include the Toolbar.

3 more replies
Answer Match 42%

I use Firefox as my default browser and all works well.

When I set my Google Search settings on Firefox to "No filtering" it sticks and that is that. When I do the same on Chrome it says it saves my decisions and all is OK on the session, but when I next open Chrome it shows "Moderate". Big Brother is trying to protect me from the evil world.

I am a big boy and can take everything the net can throw at me and still enjoy my meal at the end of it.
Whilst I respect the gullible and feeble minded attitude of some people in our society, I do not appreciate this mentality trying to protect me from all life's evils, I am quite capable of doing this myself.

So, How can I disable Google`s Safe Search and consign it to the dustbin where in my world it belongs ? AND why does Firefox accept and retain my personal needs whilst Chrome ignores them and insists on filtering my browsing to the level of a Granny`s garden party?

One thing I cannot accept in my life is censorship. I am more than capable of censoring what confronts me myself and will not collapse in a heap whatever the subject matter may be.

I am an adult and adults should have the mental ability to look after themselves, not expect to be nursemaid-ed through life by puritanical minders.

A:Google Safe Search

Are you saving the cookies related to safe search in chrome?

5 more replies
Answer Match 42%

I have used the following programs to attempt to remove "SAFESEARCH" from my Google Browser including numerous reinstalls of the google browser itself.

Malware Antimalware --- SpyHunter --- Stopzilla --- Advance System Care --- Google Removal Tool --- Avast --- CC Cleaner - Hijack This --- MS Malicious Software Tool --- Slim Cleaner --- Windows Defender.

Where do I go from here folks?

A:Safe search nightmare

Remove SafeSearch toolbar and safesearch.net (Uninstall Guide)

- have you tried that?

0 more replies
Answer Match 42%

I operate Windows XP with AVG 2013, PrivateFirewall and Sandboxie. My PC is perfectly clean and free from infections of any kind.

Weekly scan checks are carried out manually, using either AVG, MBAM or Emsisoft AM. I rarely get any infections found and of those only minor issues. Never had anything serious. Even when infections have been found, 90% are false positives.

My web surfing is as unrestricted as I can get it - no filters accepted - I go where I want to and nothing has got through my security combo. Sandboxie is as near perfect protection as you can get.

Question ?
Google has a search filter and a Safe Search plugin, AVG has a Safe Search linked to a dreadful nuisance of a toolbar, plus another Secure Search plugin, I believe Firefox plays at it too, WOT is popular and a selection of other players endeavor to protect us from Pandora`s Box of ills and being shocked to the core by the sight of a naked backside or uncouth language etc.

I consider all these "Safe Search" extra`s a complete waste of time and to me, an infringement on my level of intelligence. Being unshockable and with my security minders, I have no need at all for any of them.

My security package keeps me perfectly safe from hackers, bugs and other infections, so what are these vendors trying to do ? Ensure that we maintain a pristine and unblemished soul to take to Heaven when our boat comes in ? The last thing I need is somebody else`s opinion on moral purity and conservation, my Halo fe... Read more

A:Safe Search Gimmicks

Hi, WOT, McAfee SiteAdvisor, AVG SafeSearch, etc can give you a good second opinion on an unknown website. There have been many times when I stumble upon a sketchy looking online store with very good prices which I believe to be scams. A quick google search or look at the WOT bar reveals that these sites are indeed legit. However, there have been cases with companies using tactics to get a green WOT rating by cheating the system basically.

9 more replies
Answer Match 41.58%

I looked at most of the forums pertaining to this and i have spybot search and destroy (which i lurve) and malwarebytes anti malware, but it hasnt gotten rid of the virus, even when i reboot. I've tried the Stopzilla, but it tells me that one or more other users are logged in when i only have my account on this computer (I'm running Windows 7)

DDS txt log:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Admin at 21:53:41.65 on Fri 05/06/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2240 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
... Read more

A:infected with search.search-star.net

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

5 more replies
Answer Match 41.58%

Hi, hav just removed above invitation to use from IE opening page by removing download from downloads page!
 

A:Solved: removing avg safe search

12 more replies
Answer Match 41.58%

[I am done using AVG for this insidious cr-p]

I can not get rid of AVG's "Safe Search" to get off my home page {Intrnet Explorer}
edit "Secure Search" not safe search
i have done the usual methods,IE tools,resetting this and that, removed AVG virus software,used a Uninstaller......AVG Safe Search still control's my homepage

edit "Secure Search" not safe search
.
 

A:AVG'S AVG Safe Search ...REFUSING TO LEAVE

3 more replies
Answer Match 41.58%

I was downloading a communications app for gaming (raidcall). Which had all this junk on it that I didnt know about.
 

A:safe search take over of internet explorer

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

4 more replies
Answer Match 41.58%

Hello, I was wondering if anyone knew how to completely uninstall/stop AVG safe search it's very annoying because I like their anti-virus but I hate safe seach.

Thanks,
-Rick

A:AVG safe search complete removal?

Hi Rick99

See if these links help

Firefox: Can’t Uninstall AVG Safe Search Extension Because Uninstall is Grayed Out
http://www.avg.com/ww-en/secure-search-uninstall

7 more replies
Answer Match 41.58%

Please anyone, can you tell me how to remove the Safe search in Viewzi!! I feel like a prisoner!! LOL PLease help!

Thanks and Happy Thanksgiving! A~
 

More replies
Answer Match 41.58%

When I search for something in Viewzi.com, a small messsage is displayed that says "safe search is on". But I can find no where to turn it off.

Can anyone tell me where to turn off Safe Search in Viewzi ?

Thanks!
 

More replies
Answer Match 41.58%

Help, I did a dumb thing, I downloaded AVG and a pop up asked if I wanted to make safe search my default browser. now that I have read what a stupid thing that was to do, how do I get rid of it?

A:I just downloaded AVG and said yes to safe search - woops

What is AVG Secure SearchAVG Secure Search alerts you before you visit dangerous webpages...AVG Secure Search provides an additional security layer while searching and surfing to protect you from infected websites. It checks every page before you even click on a link to make sure your identity, your personal information and your PC are protected...What is AVG Security ToolbarThe AVG Security Toolbar is a tool that works together with the LinkScanner component and checks the search results of supported Internet search engines (Yahoo!, Google, Bing, Baidu, Yandex, Ask.com, AOL, Seznam.cz)...How to uninstall AVG Secure Search in Firefox, Internet Explorer and ChromeHow to remove AVG Toolbar, Homepage and Secure Search from your browser with AVG Toolbar Remover tool.

1 more replies
Answer Match 41.58%

Hi I was recently having some issues with my internet history and favorites about the wrong logos appearing beside the website that I posted about in another section. So I downloaded Spybot Search and Destroy to see if it was spyware but nothing was found then I did an immunilization and I checked the logos in the start menu and they went back to be the correct ones.

But what I would like to now is Spybot search and destryy safe? I've heard of fake ones that are actually spyware and virus. And where should I download it at? I was on their site but they give you a list of sites from where to download this progarm. Are all of those safe? I just would like to make sure so I don't download something that ruins my computer. Thanks for the help.

A:Could someone tell me if Spybot Search and Destroy safe?

Originally Posted by jinnstarkiller


Hi I was recently having some issues with my internet history and favorites about the wrong logos appearing beside the website that I posted about in another section. So I downloaded Spybot Search and Destroy to see if it was spyware but nothing was found then I did an immunilization and I checked the logos in the start menu and they went back to be the correct ones.

But what I would like to now is Spybot search and destryy safe? I've heard of fake ones that are actually spyware and virus. And where should I download it at? I was on their site but they give you a list of sites from where to download this progarm. Are all of those safe? I just would like to make sure so I don't download something that ruins my computer. Thanks for the help.



J

Spybot is safe to run when you get it from a safe site. It is far from the be all, end all for virus andspywear. what are you using for those?

Ken

6 more replies
Answer Match 41.58%

Is Search.mymapsxp.com safe, i am always redirected to it. I search it on the Internet, there are many posts about the details and removal guides like http://windowsproblemshelpcenter.bl... But i need the one that is of no cost. who can give me free guides

A:Is Search.mymapsxp.com a safe website

Here are the first 2 steps, there will be more steps needed, after I see the results of these logs.Run them in this order.Step 1: Run AdwCleaner http://www.softpedia.com/get/Antivi...http://www.raymond.cc/blog/adwclean...http://www.bleepingcomputer.com/dow...Author's sitehttp://general-changelog-team.fr/en...Tutorialhttp://general-changelog-team.fr/en...Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Clean.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please Copy & Paste the contents of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[S1].txt as well.http://i.imgur.com/r3PoAEG.gifStep 2: Run Junkware Removal Toolhttp://www.softpedia.com/get/Securi...http://www.bleepingcomputer.com/dow...http://thisisudax.org/http://thisisudax.blogspot.com.au/2...Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.Warning! Once the scan is complete JRT will shut down your browser with NO warning.Shut down your protection software now to avoid potential conflicts.Temporarily disable your antivirus and any antispyware real time protection before performing a scan.Click this link to see a list of security programs that should be disabled and how to disable them.http://www.bleepingcomputer.com/for...http://www.techsupportforum.com/for... Run the tool by do... Read more

3 more replies
Answer Match 41.58%

How do you turn Google Safe Search off? I did
the preference,and checked do not filter my
search results. Then hit save. The next time I
try, the preference has gone back to use mode-
rate setting. Any help would be appreciated.
Thank You
 

A:Turn off Google Safe Search

Go to http://www.google.co.uk/
Then go to the Images tab and search anything.
Look where is says SafeSearch is On, and use the arrow and select Moderate (I recommend that) or turn Search Content Filter Off (this shows pornographic and dangerous content).

If this helped you, please mark this thread as solved
 

2 more replies
Answer Match 41.16%

Hi when I downloaded AVG virus protection I accidentally forgot to unclick the yahoo safe search toolbar.  Now I have yahoo safe search taking over every search I do in google chrome. Please help me remove it.Edit: Topic moved from Windows 8 to AII. ~ Computerxpds

A:Need help deleting yahoo safe search off my computer. Please

Hi ColFrogfoot Yahoo! Safe Search can be removed without a lot of effort. Let's just do it the proper way:MiniToolBoxDownload MiniToolBox and move the executable file to your Desktop;Execute MiniToolBox and check the following options:List Installed Programs;List Last 10 Event Viewer Errors;Once this is done, click on Go and wait for the scan to complete;Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

26 more replies
Answer Match 41.16%

Avira Operations GmbH & Co. KG introduced today Avira Safe Search a new Search product.
Avira Safe Search will be expanded with additional functionalities, helping you to find the best offers, travel deals and weather information. Avira Safe Search will also enhance your protection by adding appropriate security information to every search result.

In case you don't want to install the Avira Safe Search extension you can simply go to the SafeSearch homepage and start exploring: https://safesearch.avira.com/

Download Avira Safe Search - English: http://www.avira.com/en/avira-safesearch
Download Avira Safe Search - German: http://www.avira.com/de/avira-safesearch

Source: http://blog.anti-virus4u.com/2014/05/download-install-avira-safe-search.html
 

A:New Avira Safe Search on English & German

You will basically get with this the same search results as with Google Search ..... I never understood why something like this is need it, but there might be a few out there that like this product. And as long as they don't start bundle this program with other installers, then its fine.



FYI, this product is basically a browser extension, so its easy to remove.. (that's a plus)

 

2 more replies
Answer Match 41.16%

Hi all, I have a laptop here that I've been struggling with to get clean. The search keeps getting reset to Trovi, I've seen conduit somewhere in it, and I had a service.exe in a pcreg folder in Program Files keep trying to startup, which identified it as coming from Safer Search Inc. (I have since deleted the pcreg folder.) For all I know there are much more deeply hidden infections as well.
 
Normally I would just throw the kitchen sink at it (tdsskiller, malwarebytes, adwcleaner, hitmanPro, etc) and see whether that worked, but having found this site search for solutions, I thought I would try this more focused route instead. I am hoping to have the computer cleaned and done within 24 hours.
 
So, I know you guys will need a log of some kind to start with, what log would be most helpful, and where should I get the program to generate it?
 
Thanks!
 
Edit: Win 8.1 laptop, chrome and IE browsers, Windows Defender antivirus/firewall.

A:Conduit/Trovi/Safe Search Inc issues and maybe more - help?

I appreciate all the assistance and well wishing I've gotten on this topic the last six hours, but I went ahead and threw the kitchen sink at it and so far so good. Please don't think I was ignoring your advice. I simply couldn't sit on my hands any longer.
 
Thanks

5 more replies
Answer Match 41.16%

About a month ago Windows Defender notified me that I had a virus and supposedly removed it. Then Google started redirecting, and eventually the Google page woundn't load at all. Now no search engine works. Every time I try to boot in normal mode it gets to the desktop and ten seconds later I get the BSOD, except instead of the usual white writing, there are only white streaks. I've run AVG (it came up with agent_r), Malwarebytes (found 9 infected registry keys that were adware and 2 infected registry values: Trojan.Agent and Rogue.OpenCloudSecurity), and TDSSKiller (found a hidden file). Please tell me what I need to do to fix this as I am out of ideas! Thanks!

Logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Kelley at 18:07:25 on 2011-10-18
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.1790.1229 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k Loca... Read more

A:Can only boot in safe mode, no search engine

Hello kcwal,

Welcome to Bleeping computer.

Please update me on the current condition of your computer.

Use F8 at startup to get to Advanced Boot Options. Tell me if you have "Repair your computer" option.

Please tell me if you have a Windows install DVD.

44 more replies
Answer Match 41.16%

I too, have been bit by the redirect bug. strangely, though, the computer also won't boot in safe mode (blue screen stop). it boots into norma mode fine and the only major effect I see is the first couple pages of search engine results get redirected to random shopping type sites. attached are my scan files per your request.

I'm running a 1.7ghz Pentium M with 1gb RAM on WinXP Pro SP2.

Thank you so much for any help. i've tried Norton, Mcafee, Malware, superantispyware and all have id'd stuff, said they cleaned it, but I still have the problem.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Nav at 21:09:27.62 on Sun 11/15/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.448 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program... Read more

A:Search engine redirects & no safe mode

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. The logs that you will be posting can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

=================

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been case... Read more

1 more replies
Answer Match 41.16%

I did a Search for *.gif* and found tons of pics from My Pictures file...many. many, many that I had deleted years ago (Hurricane Katrina for example). My instinct was to delete everyone of them but I then saw current pics that I have not deleted and still have in My Pictures file. My main question is: Can I safely delete the pics that I "thought" were already deleted? And can I return some of them to My Pictures file? OH..sudden thought...will the deleted pics just go hide somewhere else?
I realize that nothing is ever really deleted from a pc..(especially Norton & Symantec..biting tongue) but I need the space/memory since I have an older pc and am running low. (I have a HP Pavilion 305 desktop...256MB...yeah, I know, I know.) Am I deluding myself to think that getting rid of pics and music will help? I keep up with disk cleaner..defrag...CCleaner (love it..found out about it while lurking here on BC..ta dummm) in my efforts to maintain my old, slow pc.
I fear that I know just enough about pc's as to be dangerous to the plastic marvel. I have "learned" a thing or two from coming to this site and pilfering around the forums...thank you much! However, I am having trouble finding anything about my question..ergo..am speaking instead of lurking. I hope I have been able to speak clearly....deep breath here.
I will appreciate any info, help or suggestions... short of saying "Get a new pc"...(small attempt at humor.)
Rose, in the throes

A:Is It Safe For Me To Delete Pics Found In A Search Of *.gif*

Using the Search function to find files...leads to many items which are not necessarily files but references to files.

You say that you found .gif files which you had deleted...I would suggest that you doublecheck that.

Unless you currently have Symantec products installed (which have a hidden Recycle Bin), anything deleted and dumped from the Recycle Bin...should have been history.

Louis

15 more replies
Answer Match 41.16%

Thank you for reading this. About three weeks ago I started getting redirected on google and bing searches. I've used Chrome, IE, and Opera and it happens in all browsers. It even happens when I start in safe mode! I've run Symantic Anti-virus, Malware Bytes, Windows Defender, TDSKiller, and others and nothing seems to spot the issue! I don't have a system restore point that goes back that far so I can't do that...my only option after this is to format and reinstall Windows 7 (64 bit). I've posted the DDS log below which I ran in safe mode -- I thought this would be ok since the issue happens in safe mode as well. Additionaly, randomly hiddien iexplore.exe processes get started with the 'SYSTEM' as the user. I don't notice them until they start to TALK. They play audio ads...it is very annoying. So I kill the proccesses (7-8 by this time) and then randomly 10 min or 2 hours later there they are again! It seems as though I get redirected through some ad website and then land on 'monstermarketplace dot com' or 'topdaofinder dot com'. Any help would be greatly appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by ddine at 8:28:05 on 2012-05-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.8075.6400 [GMT -3:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68... Read more

A:Search Engine Redirect -- even in safe mode

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At t... Read more

37 more replies
Answer Match 41.16%

Unfortunately this no longer solves the issue. Norton should be ashamed of themselves. They are as much Malware as the things they claim to prevent.

Anyone know how to do this? I have removed Norton Toolbar, turned off safe search in the toolbar settings. That didn't work, even after a browser restart. I disabled the toolbar, still there.

how do I get rid of Norton Malware?

A:Re: How Can I Disable Norton Safe Search On Firefox?

Hi and Welcome to TSF!

How did you go about remove Norton from your system?

Did you use their uninstall tool from here:

https://support.norton.com/sp/en/us/...rProfile_en_us

7 more replies
Answer Match 41.16%

Another problem is is that there are like three blank drivers. And last night when I tried going into safe mode, it wouldn't go, it'd get stuck on like mup.sys

Also, I'll post what my friend's friend wrote out for me (not my typing)
Well im going to bed its 3am and im having internet issues.
Before I do i wanted to leave you a note, You had Vundo and I got rid of it
But it had infected your MagicTune instalation, so you're gunna need to reinstall that if you care about it.
I also tracked down whats causing the virus blocked warnings, your svchost.exe is infected with something.
And it is trying to update itself -.-
I haven't found a solution but if you remind me ill look tomarrow.
Anyways a few others I found:

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
This is spyware, and should be removed, though not that important

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
One of the reasons your web browser search queries are being hijacked.
Removal instructions: http://www.iamnotageek.com/a/430-p1.php

[PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
One of the reasons your web browser search queries are being hijacked.
I couldn't find removal instructions, but i didn't look hard.

[ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Another browser hijacker.
There were a few other registry issues and s***, but i cleaned em up.
As for your drivers, I am not going to touch them but non... Read more

More replies
Answer Match 41.16%

Hello,

New to forum and looking for assistance. I recently contracted what seems to be the popular search engine redirect malware and can't get rid of it. Looking for help in doing so. Have run Malwarebytes, McAfee antivirus, CCleaner to no effect. Also can't enter safe mode. I was going to run GMer from there but get blue screen lock up before getting to safe mode.

Any assistance would be appreciated. Next steps to try?

Thanks,

A:Search engine redirect & no safe mode

Hello, Did MalwareBytes find anything? Please post that log.Next... After installing it..Instructions below this..SUPERAntiSypware has a built in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSypware.Click the Repairs tab.Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.You may be asked to reboot your computer for the changes to take effect.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point... Read more

29 more replies
Answer Match 40.74%

How can I disable Norton Safe Search in Firefox? I was prompted by Norton to add it to Firefox, and I answered too quickly! Now, I can't get rid of the damned thing. I've tried everything I know, so I am open to suggestions.

Thanks ...

A:[SOLVED] How Can I Disable Norton Safe Search On Firefox?

Well, I found the answer ... finally! All you have to do is click on the 3 asterisks on the tool bar. Then you can disable the thing.

4 more replies
Answer Match 40.74%

McAfee safe search icon stays green for a while then turns grey and does not work at all on any browsing. ant ieas would be great.

More replies
Answer Match 40.74%

McAfee safe search icon stays green for a while then turns grey and does not work at all on any browsing. ant ieas would be great.

More replies
Answer Match 40.74%

Hi,I have been working with boopme for several days and we have downloaded and scanned my system to this point. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/304662/help-computer-infected-problem-running-spyware-tools/ ~ OBAt the start, many popups and redirects, several apps would not run including malware tools. Things are MUCH Better.Now, the only symptems are...1. Still get redirected when using search engines. 2. Cannot get the latest windows xp security update to install. 3. During the course of cleaning up my infection, the last step I began to not get to safe mode. It worked the first time, but once I tried to run DrWeb as suggested, it quit working, and restarts. Saying windows failed to start. My computer boots normally and everything with the exception of the above mentioned problems appears to be fine.Not sure how to attach another thread, but please see my thread starting Mar 24 from the last few days to see the History of how boopme has helped me get to this point. Attached are the logs etc from following your guide.Thanks so much for your help, looking forward to hearing back from you.DDS (Ver_10-03-17.01) - NTFSx86 Run by Dad at 18:35:59.17 on Tue 03/30/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.308 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-8... Read more

A:Browser Search Redirect - Cant boot into Safe Mode

Hi,BearShareLimeWireAbove listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.Please visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully first.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, linkRemember to re-enable them afterwards.Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:C:\ComboFix.txtNew dds log.A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

15 more replies
Answer Match 40.74%

Hello all,

I've unfortunately encountered a redirect/hijack program that I can't seem to get rid of. In the past I've been able to take care of any problems with a boot into Safe Mode and the use of MBAM (with helpful insight from this and other forums). However, when I try to boot into safe mode, it stops at the mup.sys driver and I get a BSOD with only a dash and a question mark before the computer restarts (it looks like a hyphen with a curved end followed immediately by a question mark).

I'll try to give as much useful information as possible:

Initially a bogus antivirus program downloaded itself and changed my desktop background to an alert (green backround with a black box in the middle saying I was infected). The program also placed an icon in the taskbar (red circle with an "X") and would send constant popup warnings. I've encountered similar programs before and have had success removing them with MBAM, so I didn't pay it much attention. I scanned my system and removed infections, but the problems continued. I was able to change my Desktop background image back, but I noticed that the "Folder Options" folder was missing from the Control Panel (just a empty space between the two adjacent folders) and that system restore was disabled. Also, the System Restore Tab was completely removed from System Properties. I was able to get the System Restore enabled after another scan, but all my restore points have seemingly ... Read more

More replies
Answer Match 40.74%

My computer can only boot in Safe Mode. Also when I click on the results of a search, the links are redirected to other sites. I had an Antivirus Live infection in the past and more recently an Antivirus XP 2010 infection. I believe the Safe Mode boot up and the link redirects occurred after the Antivrus XP 2010 infection. I ran Malwarebytes' Anti-Malware and it removed the Antivirus XP 2010 infection and a recent (a day before this post) scan indicated that the PC is clean, yet I am still experiencing the conditions I described above.Other Issues:I de-installed McAfee, as it did not not catch any of the infections I listed, but I when tried to install AVG free version 9.0, a "MSVC Redistributables Installation Failed" message displayed. This may be a error specific to AVG, as I have read that other users had similar experiences.I attempted to install TurboTax but the installation failed due to the install program not being able to find Windows Installer or the Windows Installer was corrupted. I downloaded Windows Installer from the MicroSoft website, but the TurboTax installation failed again. I attempted all of this in Safe Mode. I am not sure if that caused the failed installation. I would appreciate any help you could provide in resolving these issues. Thank you.I attached the Attach.txt and ark.txt files and here is the DDS Log:DDS (Ver_09-12-01.01) - NTFSx86 NETWORK Run by Kappy at 21:09:22.81 on Sat 03/13/2010Internet Explorer: 7.0.5730.13 Bro... Read more

A:Booting up only in Safe Mode + Search Links Redirected

Hi kgtrojan,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.In case the issue is not resolved please update me on the current condition of your computer. In case you are still unable to boot to normal mode give me precise feedback about what happens when you try to boot normally.

25 more replies
Answer Match 40.74%

Edge Browser Hijacked by MPC Safe Navigation - search MPC. I tried a few of the suggestions for removal I found on-line. Most ask me to check "services" or "background service" but I could not find the program anywhere. Apparently it does have it's own uninstaller, if you could find it. Any suggestions are greatly appreciated

A:Edge Browser Hijacked by MPC Safe Navigation - search MPC

A couple of things come to mind, if you have Ccleaner installed, check under "Tools" >>>"Startup" to see if you can find it's startup and then you can disable or delete it. Then, go to the "Uninstall" tab and see if you can find the program and uninstall it.
You then should run MBAM and your AV after.

1 more replies
Answer Match 40.32%

Norton keeps finding a phantom file tdlwsp.dll (it' not there when I look in the windows/system32... path listed.)
Web search links all point to a autoforwarding site.
I've attached the log from the dds.scr and root repeal scans.
Any help would be greatly appreciated.
- Bob

A:search engine redirect, tdlwsp.dll, and safe mode broken

New development - After I booted the computer Saturday, 14 Nov, saw that Norton was switched off. I used the start menu links to restart Norton, and its icon is back in the task bar.

17 more replies
Answer Match 40.32%

Greetings everyone. Hope everyone is feeling better than I do. I feel like I have caught the new variant of double trouble. Sigh. I was browsing the internet and got the Internet 2010 malware. My Windows was not able to go into safe mode. I did the Windows recovery restore which deleted all my non-Windows softwares except the culprit. I don't have those fake antivirus pop-ups all over my desktop but whenever I do a web search (Google, Yahoo, Bing, Msn), I get sent to Ad links. Windows still refuse to go to Safe Mode. There is one folder called HP_Administrator is locked and McAfee shows there is a malware inside that folder. McAfee also shows the following viruses in quarantined:Adware-Url.genPortScan-AdvancedRemAdm-PSKill54814C9Fd01 (Exploit-PDF.q.gen!stream)IS2010.EXE (FakeAlert-KS.a)Internet Security 2010 (FakeAlert-KS!Ink)atapi.sys (Patched-SYSFile.a)Thank you in advance. Always any help is much appreciated.DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Administrator at 21:44:03.07 on Wed 01/20/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.387 [GMT -8:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\... Read more

A:Search Engine Redirects & Windows unable to go to Safe Mode

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

3 more replies
Answer Match 40.32%

Hello, I was told to check with the experts here before tampering with the entries listed below. I am running on Vista Home Premium and using IE 7. The bottom two entries don't even have anything assigned to them, is it safe to delete them?Also, there are two HP links that I never use below, are they safe to delete?Thank you, if this isn't the right place for this log then let me know and I will delete it and put it in the proper place. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

A:Is It Safe To Remove These Search Assistants And Unknown Start Urls?

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.When posting your logs please post them directly into the reply. Do not attach them.Also make sure you have already followed the steps outlined below:Preparation Guide For Use Before Posting A Hijackthis LogThank you for your patience.

1 more replies
Answer Match 40.32%

Hi,
 
I recently was infected by .scr virus from csgolounge, where a user posted a link to a knife "screenshot". I then clicked on the link assuming it was safe and it downloaded a .scr & ran it. It then started to control my mouse and attempted to access my gmail accounts for steam, to trade off my skins. Luckily my gmail was protected and stopped the person (russian ofc) from accessing my account. It did however get my passwords (quickly changed) and managed to send a trade offer to another account. However I had steam email confirmation security so nothing was taken. Here are the steps I took:
 
1. Deleted the .scr file
2. Changed passwords
3. Restarted (was still active, moving my mouse, typing etc.)
5. Turned my computer off, turned off my internet connection.
6. Restarted (without internet), no sign of it being active.
7. Ran antivirus (windows defender, full scan, didn't find anything)
9. Did a system restore
 
Even after these steps I'm still unsure whether i'm totally safe. It had a keylogger so i don't want to type any passwords etc. I don't know if it has infected any registry stuff or whether it is still present (defender didn't find anything).
 
Can anybody help me?
 
BTW I live in Australia (UTC/GMT +9:30), so I might be quite late with replies (1am here atm) etc. 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015
Ran by Kyle (administrator) on BELLABOO (27-08-2015 23:57:36)
Running from C:\Users\Ky... Read more

A:Infected with .scr & not sure if safe :(

Double post, sorry.

1 more replies
Answer Match 39.9%

Yesterday I believe I got a virus (from a file I downloaded I would guess - it happened right after I ran the file - a music instrument synthesizer called "Waves"). Pretty much right away, the computer shut off and then would only run for about 10 seconds in regular mode, but works in safe mode with networking.

EDIT: Oh, the first thing I did, was uninstall what I thought was the virus-causing program and then did a system restore for one week prior. This did not help with the virus at all.

Other symptoms are that when I click on my search results they are sometimes redirected to bogus pages (multiple search engines, at least bing and google). I would say, other than my computer not working in regular mode, this is the only symptom.

The first thing I noticed (after my best guess of when infection began) was that a Microsoft file called ctfmon.exe was running, so I did some research and found that this file can be infected, so I took care of deleting that from my PC as well as the registry (because I never use it anyway). So that is no longer running, but that did not take care of the problem, the virus still persists. I have run Trend Micro House Call as well as Spybot, and neither took care of the issue. When I try to install Norton, the installer opens and closes repeatedly - I don't know if this is a symptom of the virus, or because I am in safe mode.

Does anyone have any idea what I can do next to identify/get rid of this virus/trojan? Any help would be ... Read more

A:Trying to get rid of virus which redirects search links & won't let me start computer in non-safe mode

Hello and welcome.Please run these ,post the logs and let me know.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make chan... Read more

1 more replies
Answer Match 39.9%

Hi Helpers:

This what I am working on:
OS Name Microsoft® Windows Vista™ Home Basic
Version 6.0.6000 Build 6000
Dell System Model Inspiron 531s
System Type X86-based PC
Processor AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, 2109 Mhz, 2 Core(s), 2 Logical Processor(s)
Available Physical Memory 477.36 MB
Total Virtual Memory 2.13 GB
Available Virtual Memory 1.75 GB

Sometimes I can boot normally, but IE7 will not launch. When I run AVG, Trend Penicillin, it goes into the blue death mscreen. I ran AVG on SAfe Mode and quaranteed a few trojan viruses. I am able to launch IE in Safe mode. Random redirects upon search in google.

Somewhere I got an error code: 0x8007043c and disk cleanup listed
Program File (E2883E8F-427F-4FBO-9522-AC9BF37916A7
Type: ActivexControl
code base: http://platformdl.adobe.com/NOS/getPlusPlus/1.

I was able to download HijackThis and I have received the following log report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:45 AM, on 8/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Softwa... Read more

More replies
Answer Match 39.9%

Please help! I am exhauseted trying to find a fix for this problem. I have tried all kinds of things with limited results. It is above my knowledge level and capabilities to resolve. I need somone with professional skills to help me resolve this problem.I did a bunch of s/w and driver updates and somehow my system became infected. It may have also been from Limewire / Frostwire (since removed). Also, I recall being prompted to install a plug-in or update a codec or something for Quicktime because my sytem was unable to process a file. After the download nothing happened, at least nothing appeared to have happened, but something else was installed. I think I have fixed part of the problem but have not been able to resolve everything. I removed Quicktime but have had nothing but problems since this download incident.I started getting random window pop-ups. Then I noticed that search results from from Google were getting redirected to marketing sites, alternative search engines, etc. I was using Internet Explore so decided to try Firefox in case it was only IE Explorer that was affected. Firefox had the same problem with Google search results getting redirected. I decided to try a malware removal software but needed to boot into safe mode to use it effectively. This was when discovered I could no longer boot into safe mode. Every time I select safe mode (no network) it appears to start listing a bunch of files but then stops and goes back to rebooting again which brings ... Read more

A:Google & Firefox search results redirected plus can't boot into safe mode

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I would appreciate if you would let me no so I can close this topic.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%SYSTEMDRIVE%\*.exenetsvcsmsconfig/md5startproquota.exeeventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.sys/md5stopCREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThanks

12 more replies
Answer Match 39.9%

Safe Transactions with Infected PCs (2 web pages).

This is an interesting technology making its way to market. It is launching to 6 million customers of an undisclosed online broker in the near future.

The method is that it uses a rootkit to burrow into your OS - Windows only for now on IE and Firefox browsers, but they are working on Linux, Mac and Safari browser versions.

I am not sure that they can guarantee that their rootkit burrows deeper than any malware based rootkit (in order to provide the deepest protection as they seem to make in their claim).

On my WinXP Pro SP2 I used a free anti-keylogger that drilled into the system ahead of everything else (services) so that it was the first to execute before any system services. If they could do it - my assertion is that the malware authors can also - and the anti-keylogger was so proficient that I remember one member did not like it being so low-level and uninstalled it - but, it did its job very well.

The way I confirmed that the anti-keylogger was first to execute was a tool from Microsoft Technet SysInternals toolset here that listed the order of execution at boot time of system services.

As with any software, try it at your own risk - and if you do - please post your review in this thread.

-- Tom
 

A:Safe Transactions with Infected PCs

If my PC was infected, I wouldn't even risk it. I'd be using extremely personal details and I'd only enter them on a PC I know is clean.
 

1 more replies
Answer Match 39.9%

I've got a gig fixing a friend of a friend's laptop. It essentially won't boot. The laptop itself is like, God probably like 10 years old! Most likely has some form of virus or malware on it. (I'm ashamed to say my friends think they either "don't need AV," or "I can't afford [free] AV." )

Anyway, I was thinking to hot swap the hd into my rig, and scan it.
I'm running:
-full Webroot Internet Security Suite
-full Norton 360
-free Avast!
-free Avira

Obviously I won't be trying to boot from this drive until everything says it's ok. I did this last week without even thinking twice, with a different definitely-known-to-be-infected drive, and no real-time shields picked up anything. But really, how safe is this? Is it even possible for anything to try to start messing with me?

A:Hot-swapping infected hd: Is it safe?

FWIW: you might want to use one of those small <$20 external USB drive connectors that support the laptops drive and then run malware bytes and your AV against it.

I have done this and cleaned up drives without a lot of aggrivation.

rich

4 more replies
Answer Match 39.9%

I'm at the end of my rope here. A "friend" gave me her computer to clean up. The thing was so full of malware it was unbeliveable. I've got most of it, but there is this one nasty bit of adware "Cool Web Search" that remains... I've tried running the latest versions of Ad aware, Spybot, and CWShredder. They seem to find and remove the cool web stuff, but when I shut down and start up again, it's back. I've gone to the trend micro site, but I keep getting a .dll error when I start downloading the definition files.

When I shut down, the machine hangs and tells me that it is waitng for a response from "Win Min".

It also occasionally freezes on startup, leaving me with a blue screen and a mouse pointer stuck in the middle. (This seems to be mitigated somewhat if I move the mouse around during startup!)

The log file from this machine is as follows.

Logfile of HijackThis v1.99.1
Scan saved at 10:03:03 PM, on 25/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DE... Read more

A:Infected Windows Me PC Hangs on Shutdown - "Win Min" infected with Cool Web Search

Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed..These instructions only apply to HJT v1.99.1

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

Download any of the required programs before attempting to start any of the fixes.


Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check ?Turn off System Restore?, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

Download and run CWShredder (check for updates) for a preliminary cleanup first.Some files below may not be present after running the above programs.Full instructions below.


How to install and run CWShredder

Download CWShredder
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a TEMPorary folder or on the DESKTOP.
I recommend, c:/... Read more

15 more replies
Answer Match 39.48%

I'm sorry but I do not know the name(s) of what I have. My virus started with strange, unrelated redirects when searching on Google. Then random popups even with popup blocker enabled. It's done something to make Spybot not work. I tried to start the computer in safe mode several times, and got nothing but a blue screen each time. Downloaded and ran Malwarebytes and it found and removed 8 items - names included popcaploader and vundo. Search engine redirects and popups still continued though. Twice today I followed instructions from this site's preparation guide, all was fine until I tried to save the GMER file after a 2+ hour scan each time. At that point the computer locked up each time. I was unable to access task manager, or anything at all and could not even shut down without unplugging the computer.DSS Log:DDS (Ver_09-12-01.01) - NTFSx86 Run by Teri R at 21:58:52.45 on Tue 02/09/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2613 [GMT -7:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\Roxio Shared\9.0\Shar... Read more

A:Search Engine Redirects, Popups, Safe Mode Disabled, Unknown virus

I forgot to mention that the logs above were re-generated new after having to reboot, and that before doing anything I made Spybot unresident.

30 more replies
Answer Match 39.48%

When I use Internet Explorer, it re-routes me to websites I have not requested. These websites are sometimes opened in the current tab, and often in new tabs. (The same thing happened with Safari and Firefox, but both have been uninstalled.) I reinstalled IE8, but this did not solve the problem. Occasionally I'll actually get the proper home page and if I type a web address directly into the address bar, I have more luck, but not often. And if I click on a link, it almost never takes me to the proper page.

Also, Google and other search engines direct me to bogus sites. Clicking on any links on the search results page always takes me to bogus pages.

Also, I am unable to use System Restore - it runs through the process but then tells me that the restore cannot be completed. I am also unable to start my computer in Safe Mode.

I have used Malwarebytes, Spybot Search & Destroy, and Ad-Aware, but they have not found the problem.

I have tried my best to follow the instructions for posting/attaching. If anything is missing, please let me know. Thanks very much.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Eric Marton at 16:29:34.20 on Mon 12/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.264 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Pr... Read more

A:Internet Exolorer and Google Search Hijacked; No System Retore/Safe Mode

Hi,My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
CREATERESTOREPOINT
Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThen please post back here with the following logs: OTL.txt Extra.txtThanks

2 more replies
Answer Match 39.48%

Yesterday night my brother decided to download the Paladin Anti Virus ( Along with other viruses ) which have caused alot of issues, that i am still having trouble fixing. Search results in google and yahoo do not resolve either, but redirect to another site with ads. ( Using FireFox )Also, anything i tried to DL it wouldn't let me. It let me download it, but it like download nothing. All the files were 0.0mbFinally, if I try to reboot into safe mode, the system reboots again.Here are the log files.Any help would be greatly appreciated.GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-02-22 16:57:23Windows 5.1.2600 Service Pack 3Running: 638vlp6p.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwtdrpow.sys---- Kernel code sections - GMER 1.0.15 ----.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xBA747780].text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB90B6360, 0x37388D, 0xE8000020]---- Devices - GMER 1.0.15 ----AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [BA73AB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}Device \Driver&... Read more

A:Safe Mode Restarts Computer / Search Site Redirects. ( OTL/GMER/MBA LOGS )

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!If you have since resolved the original problem you were having, we would appreciate you letting us know.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your ... Read more

12 more replies
Answer Match 39.48%

Hi, last fri I received an email via my yahoo account from UPS ( which I now now is not). I think this is a nasty virus has worms too.Avira scanned the file before I unzipped it, I did not get any warning, even though I had updated avira files before, then it went spirling downhill!!I had so many windows opening up, I immediately disconnected from the net then proceded to virus scan with Avira. At the end of the scan, it could not help as it was infected. I could not open the report, even though there were warnings.I tried Spybot scan which found a majority of problems which I allowed the fix. I did not think it wise to go on the net as I kept getting Internet Explorer pages opening up.All during this time I was getting Norton virus updates and warnings - I dont have nortons so ignored them and did not open any of the files. Just closed at the X them and made sure i was disconnected from net.After spybot cleaned up, I used ATF to clean my temp files and then turned off and re-started.Since then I can not log on to windows, even in safe mode and adminstrator. I tried and logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.I cannot seem to get into windows and think I must have messed up somewhere. I have my external drive plugged in and was about to back up my monthly documents but decided to reply to my emails before! Hence now cannot access anything. I have spent the weekend reading forums and page... Read more

A:infected with UPS virus. Cannot log on even in safe mode

I tried ... logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.I have spent the weekend reading forums and pages and pages of advise. I read this forum thread as well as thread: http://thinkinginpixels.com/quick-fixes/fi...onlog-off-loop/I really need my documents and cannot afford to loose them as there are files I need to send to my mortgage lender asap.mandyRe: LogOn/LogOff LoopGo ahead with the thinkinginpixels instructions: That is your best chance to get back in to Windows. It will take several hours to complete, and you should then be able to use Windows and retrieve the documents that you need. The instructions provide a series of logical steps that are relatively easy to follow and should lead to a positive result. Any problems, let us knowShould that fail (unlikely) we can help you get those documents by another means.Let us know how you are getting on.'Alien

81 more replies
Answer Match 39.48%

I would be very grateful for some help sorting out a friend's PC please.

I've read the First Steps page but cannot carry out all of the suggested scans.

When I boot the PC normally, it works very slowly loading XP Home, then suddenly reboots itself before getting to the login screen. I discovered that it will run in Safe Mode with Networking and I'm using it now to create this thread!

I've run dds.scr and the scan result is pasted below. (Attach.txt is included here in a zipped file). When I try to run GMER nothing happens. The egg timer appears for a few seconds but nothing more. I have downloaded SPTDinst-v162-x86.exe. Executing this file results in a popup stating "No SPTD version was detected". The Uninstall button was greyed-out but the Install button looked inviting, so I clicked it and was prompted to re-start Windows. I restarted XP in Safe Mode and it appeared to load SPTD.sys.

Before looking at this forum I was going to attempt a Windows re-install and backed up My Documents onto a USB memory stick, which I then scanned with Avira on a another laptop. This revealed 16 music files, which had been downloaded with Limewire (I presume), all containing the same virus - EXP/ASF.GetCodec.Gen. I've uninstalled LimeWire now.

I have tried to install Avira AntiVir Personal (in Safe Mode) but, after extracting a load of files to a Temp folder, it gets part way through 'Preparing Installation...' then crashes(?).

I don't know what to try n... Read more

A:Infected PC only works in Safe mode - Help please

Please close this thread - I have wiped the system and re-installed XP. It seemed like the smartest thing to do...

1 more replies
Answer Match 39.48%

Hi there
 
Out of the blue today when I started up chrome my normal tab opened (I use new tab redirect) and another tab called easylife.search opened up as well.
I ran malwarebytes and it kept blocking the program over and over but to no avail.
After wards I ran rougekiller and when it popped up as PUP i deleted it (this was in chrome) it was gone, however i was signed out of chrome and I need to stay signed into chrome for work purposes. When I signed back in it was back and now when I run rougekiller it will not disappear.
 
I went to C:/ProgramData and tried to delete the DLL files there however that didn't work either.
In my control panel there is a random program called Fast and Safe by Gtgroup however when I try deleting it it comes up with an error message stating:
There was a problem starting C:\PROGRA~3\FASTAN~1\FASTAN~1.DLL The specified module could not be found
 
I believe it is referring to the files I tried to delete earlier
 
I really am at a lose as to what to do and require some assistance!
 
Here are the DDS LOGS
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Kossi at 14:26:09 on 2014-06-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.12248.8078 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
S... Read more

A:Infected with Safe and Easy malware and cannot get rid of it!

Please stick to one thread here. Thanks.

1 more replies
Answer Match 39.48%

Hi there
 
Out of the blue today when I started up chrome my normal tab opened (I use new tab redirect) and another tab called easylife.search opened up as well.
I ran malwarebytes and it kept blocking the program over and over but to no avail.
After wards I ran rougekiller and when it popped up as PUP i deleted it (this was in chrome) it was gone, however i was signed out of chrome and I need to stay signed into chrome for work purposes. When I signed back in it was back and now when I run rougekiller it will not disappear.
 
I went to C:/ProgramData and tried to delete the DLL files there however that didn't work either.
In my control panel there is a random program called Fast and Safe by Gtgroup however when I try deleting it it comes up with an error message stating:
There was a problem starting C:\PROGRA~3\FASTAN~1\FASTAN~1.DLL The specified module could not be found
 
I believe it is referring to the files I tried to delete earlier
 
I really am at a lose as to what to do and require some assistance!
 
Here are the DDS LOGS
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Kossi at 14:26:09 on 2014-06-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.12248.8078 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
S... Read more

A:Infected with Safe and Easy malware and cannot get rid of it!

Hi Littlegreen, to Bleeping Computer.
My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.
Some things to remember while we are working together.
Do not run any other tool untill instructed to do so!
Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can also help.
Do not run anything while running a fix.
If you don't understand a step, please ask for clarification before continuing with any future steps.
In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Receive Notification Immediately and then click Follow This Topic and you will be sent an email once I have posted a response and make the cleaning process faster.Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.adwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where ... Read more

4 more replies
Answer Match 39.48%

Hi guys. I just joined this site and this is my first post. My desktop has been infected with Malware/Viruses and won't boot in any mode (safe, safe + networking, last good setting, or normal mode). The closest thing I get is when i go to safe mode and i get a total black screen with no start button or taskbar and on each of the four corners says "safe mode". However, I cannot do anything else on the screen. (Using laptop right now due to desktop being down)

After some research on the web I found that I could try the Avira Rescue CD and would hopefully remove the malware/virus. It's been almost a week but if memory suits me right, the virus was called Cleanup Antivirus. I also was experiencing google redirects. I have already finished most of the steps on the following Avira rescue cd instructions website:

http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

I am currently stuck on step 7 part 2&3. The reason for this is because in the command line, I type exactly what is instructed but the only thing it does is in the next line says:

"Devices" (text is in a neon greenish-blue font) (This is when i type in "ls /mnt")
When i type in " /mnt " it then says "/bin/ash: /mnt: Permission denied"

Not sure what to do because I have already restarted my computer and tried all modes including safe and normal but am still unable to get my normal computer settings.

I would get my log files with Hijack ... Read more

More replies
Answer Match 39.48%

Browser keeps crashing and PC still very slow. I couldn't do anything unless I was in safe mode. Initially, the icons on desktop were almost completely gone. System is 7 Premium, 3 GB RAM, AMD processor. Thanks for getting me started on getting out of this nightmare.

A:Slow Infected PC; ran JRT and ADW from safe mode

Let's start with a scan using DDS. See if you can get into 'safe mode with networking' :

Download DDS from one of these links:
DDS.com

DDS.pifDisable any script blocking protection
Double click the dds icon to run the tool.
When done, DDS will open two (2) logs: DDS.txt
Attach.txt <--- will be minimized in the task tray

Save both reports to your desktop.
Include the contents of both logs in your next post.

The scan will instruct you to post Attach.txt as an attachment.

9 more replies
Answer Match 39.48%

Microsoft did a scan in safe mode, but my computer is still running slow. i cant figure it out. i have one care as my anti virus, and malware bytes. i've ran both and nothing is showing up, any suggs would be greatly appreated.

thanks,
Lindaga35

A:am i still infected? scanned in safe mode already

Please reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here

5 more replies
Answer Match 39.48%

I am trying to fix my father's desktop computer, which he seems to have sufficiently filled with Malware. I am having a very hard time dealing with this, and am hoping for some help. Here are some of the things I know so far: It is a Dell running XP. Currently, I cannot run task manager, either in normal or safe mode. I cannot install Hijack This, MalwareBytes, or any other program in an effort to remove anything. Some of the names I have run across are "AntiMalware Doctor", "Security Tool", as well as the "Microsoft Security Essentials Alert" (particularly when I try to run taskmgr or regedit in the normal mode). I have been able to access regedit when in Safe Mode with Command Prompt... That is as far as I have gotten. I found some junk that seems to be related, but each restart brings me the same "Microsoft Security Essentials Alert" when I reboot and try for the taskmanager. As I can't seem to run anything on the desktop, I am using my laptop to try to download any potentially useful programs and move them over with a jump drive, but nothing will load. Any thoughts or recommendations would be greatly appreciated!!!!!!!I was just able to run TDSS Killer in Safe Mode from the Command Prompt, which appeared to be successful. Here is the log... I hope I copied it in right, as it appears huge! TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:442010/09/25 10:48:32.0734 ===============... Read more

A:Computer infected can't even run in Safe Mode!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Answer Match 39.48%

(See attached)

My Firefox download progress bar has decided to take a dislike to MGlogs.zip from the malware forum.
How can I sort this out please? So sick of software thinking it's being 'useful' !
 

A:Something Deciding Safe Files Are Infected...

That could be Firefox' baked-in Google Safe Browsing/Phishing Protection (or w/e its called now), see if you can find a likely pref from this page to add/modify from about:config: https://wiki.mozilla.org/Safe_Browsing
 

1 more replies
Answer Match 39.48%

I finally have PC-cillin reinstalled on my pc. I have been through hell with a bot that replicated hundreds of trogans onto my pc. It nuetered PC-cillin, so I couldn't load it. D: Then downloaded AVG7, HiJack This, and Sysclean to finally get rid of everything....so I thought. Went trough heck to uninstall AVG7, then uninstall PC-cillin, then reinstall PC-cillin. I did another scan and suprise! I had more trojans. >.>` Now, I log on again, and a virus opens with one of my system files, spits out two trojans in the process. Now that PC-cillin is operational, it caught the trojans and cleaned them. But, the virus is in PCCGUIDE.EXE and PC-cillin is unable to clean or quarantine the infected file.Can I chunk it into file 13? In otherwords, delete it? I see that it's an exe file, which means I shouldn't touch it without asking first. Oh, and the orignal infection was in EXPLORER.EXE D: Evil!Did I miss anything? ;pYes, the virus is PE_TRATS.A I only remember AGOBOT from before, but I know there was a worm and two other viruses aside from the bajillion trojans.

A:Pccguide.exe Infected. Safe To Delete?

So...I searched the file, and they are part of PC-cillin itself. There were six files total. I scanned them all individually and none showed a virus, yet PC-cillin just told me there was one. *so lost*

5 more replies
Answer Match 39.48%

I have an infection in my DropBox.
I am hoping i disconnected before it got to my local box, but cannot tell because, I logged off/shutdown the system.
Windows 7, booting up, trying to go into Safe Mode, with networking.
As soon as it comes up, I try to log in (Still disconnected from the network, and it reboots the system.
Is this something new, or maybe unrelated?

A:Lucky Infected and No Safe Mode now?

Welcome to BC...
 
This is the second time this week that someone has posted not being able to boot into safe mode. Please
start a new topic in the Malware Removal forum and let the pros see if it is a new malware or just a coincidence.
 
Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
If you cannot complete a step, then skip it and continue with the next.
In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.
After doing this, please reply back in this thread with a link to the new topic so we can close this one.
 
DO NOT bump your new topic. Wait for a response from one of the Team Members.

1 more replies
Answer Match 39.48%

I have Wxp Pro on a Dell pc. I get no pop-ups, but programs are slow to open and slow to run. I can't start the pc in safe mode by using F2, F8, F12, etc. When those keys are used, the pc ignores it and starts normally.
When a browser window is open, I can open a site, can scroll thru the site, but can't click on any links or buttons. It acts as if it is just a graphic.
One strange thing, if I minimize the browser window, then maximize it again, I can then surf inside the site.

I have run Ccleaner and Ada-ware. I then ran Rkill, then SuperAnti-spyware and Malwarebytes. Running a full scan on both. SuperAnti found 53 items, quarantined all, but no help. Malware did not find any issues.
I've tried a system restore, but keep getting "can't restore system.......".

Any fast help is appreciated, this is for a school secretary's pc.
Phil

A:Am I infected? Can't start Wxp in safe mode

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C... Read more

9 more replies
Answer Match 39.48%

I'm not able to use internet in regular mode of windows xp. If i restart in safe mode with network support I can access the internet.I have checked everything concerning driver issues etc. The ip is correctly assigned. I have done several scans wit MBAM, I've used registry cleaners, etc. It all started a couple weeks ago when the pc started working very slow. I did a disk cleanup, defragmented the harddisk, did registry cleans, scanned for viruses etc. It was a bit better but not too much. After a few days the internet stopped working on my pc.Is there any solution to fix this problem?Hereby the DDS.txt log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Zjefne at 13:56:09,23 on vr 24/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.447.221 [GMT 2:00]AV: Panda Antivirus Pro 2010 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\A... Read more

A:Infected? No internet, just in safe mode

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Answer Match 39.48%

Hi, I had McAfee running and it found a trojan, so i removed it right? For some odd reason my PC restarted(blue screen of death, something about memory) Every time i try to boot normally it gives me the blue screen. so now im in safe mode typing this. I've done multiple full scans on Mcafee and it still says one or more errors could not be fixed because of an error. anyways it been like this all day. I just downloaded avast version 4.8 and currently scanning my system. Any suggestions of help? I'd rather not delete the entire contents of my hard drive and reinstall vista.

I tried downloading Malwarebytes but when i try to run it, it won't open.

Edit 1-avast! Virus Cleaner Tool - version 1.0.211 Ansi

Edit 2- Currently scanning with AVG 8.5 Free Trial Safe Mode

Edit-3 It seems that AVG has cleaned my computer right, i can now boot up normally and my mcafee says im secure.tt

Edit-4 Mcafee is on overload again, my computer got blue screen again. and i am currently scanning with mcafee.

Edit-5 Mcafee has been uninstalled by me and now running avg once more

A:Help, infected laptop, currently in safe mode.

Please help anyone?

10 more replies
Answer Match 39.48%

- On a small Peer-to-Peer network...
- One PC is infected
- Setup is: Cable Modem connected to small Linksys Router connected to a few PC's

1 - Is it a concern that the malware could spread to other PC's in the small Workgroup?
2 - If so will this fix it while still allowing the infected PC net access...
.. turn off all clean PC's
.. remove the infected PC from the Workgroup
.. turn on the clean PC's
This way the infected PC is not in the Peer-To-Peer Workgroup but it is still sharing the same router...

Right now I'm turning off (or disconnecting) all clean PC's from the network before turning on the infected PC. This is a problem for other users.

Thanks for any help.

A:Safe to have infected PC online - But not in Workgroup?

Are the clean PCs fully patched and are there no Windows accounts on those clean PCs with weak passwords?

3 more replies
Answer Match 39.06%

I am sorry but I am very computer illiterate but completely stuck. I had a problem logging on to google, my system is an old VISTA. I ended up going back to a previous saved point I think it was called and ran all scans and it appeared to work again. Next day, start up is slow as always but then unable to open google search or firefox to access the web. However if I go to safe mode with network connection it seems to open the google search with no problem.

I recently installed an extension? on a game called Illyriad. Can anyone make any very simple step by step suggestions as I am doing this on my own and with a poor grasp of the computer. Sorry ( they all groan lol)

I realise this is not a lot to go on.
 

A:Solved: Failing to connect to any search engines in normal mode, but OK in "safe made

8 more replies
Answer Match 39.06%

Hello,

I'm really hoping someone out there can help me plz.

My computer is redirecting all seach from google links to other sites. This problem seem to be happening no matter which browser I use. I have ran AVG, malwarebytes, super anti-spyware and Mcafee. They all detected some Trojan and deleted it but i still seem to have the problem. Now its gotten to a point that i can't get into normal windows and therefore accessing through safe mode

Some one PLZZ help me.

Thankss

A:Please Help ME, each time i search something in google the links redirecting to false websitess - now can only access in safe mode

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Answer Match 39.06%

Hello I'm new here and I am having an issue I believe. Nod32 detected this variant Win32/Kryptik.AVM trojan in C:\Windows\SysWOW64\dllhost.exe and C:\WINDOWS\SYSWOW64\CRYPT3232.DLL and as well MWBAM detected something along same line I think I removed it but after another scan MWBAM had a log with a reg key hijacked reg.key noactivedesktop hkey_local_machine software microsoft windows current version policies explorer. Here is HJT logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:13:25 PM, on 11/16/2009Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exeC:\Program Files (x86)\Java\jre6\bin\jusched.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Program Files (x86)\Ultra ISP\dialer.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Users\BWK\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ultraisp.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Intern... Read more

A:Malwarebytes detected this is it safe to remove am I infected?

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Answer Match 39.06%

I am visiting my kids and my ex-in laws got scammed by a FakeAV.  The person they talked to installed windows 8 and now it boots only to safe mode. 
 
Here are the Hijack This logs, DDS logs.
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:12:54 PM, on 8/29/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17028)

Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Ron and Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89NEVL99\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSear... Read more

A:Not exactly sure what computer is infected with but boots only to safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/546184 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 39.06%

A user came to me with a laptop that does not connect to the internet at all in normal mode. (Wired or wireless, DHCP or static IP, IPv4 or IPv6)
Connects to the network perfectly fine, but no internet connection.
Unless in safe mode then the internet works just fine. (which led me to think malware was the root of the problem)
Nothing else appears to be wrong/off; just lost internet connection.

disable/enable adapter... nothing
ipconfig /release /renew... nothing
ipconfig /dnsflush /dnsregister... nothing
Tried new drivers... nothing
reset winsock... nothing
Scanned with McAfee... Clean
Scanned with MBAM... Clean
rkill... clean
tdsskiller... clean
running a hjt now, but thought I would post here first and see if it may well be something else.

NOTE: If you think this should be posted in networking then let me know and i'll gladly create a new thread there. I will not post my HJT until recommended, and that will go into the appropriate thread

Thanks in advance for your help. I've been using this site for years, first time I couldn't find a fix and need to post.

A:Internet Connection In safe mode only. Am I infected?

Uninstall your antivirus and let us know if you can connect

1 more replies
Answer Match 39.06%

Today, my laptop became infected with the FBI malware.  It has disable my ability to use Safe Mode in any way. 
 
Through reading on this site and Norton, I found initial instructions on downloading FARBAR Recovery Scan Tool.
 
I urgently need assistance.   Thanks.
 

A:Infected with FBI Virus - Safe Mode is not accessible

Hello anewbie1! Welcome to BleepingComputer Forums! My name is Georgi and and I will be helping you with your computer problems.Before we begin, please note the following:I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.The logs can take some time to research, so please be patient with me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received. If you can't understand something don't hesitate to ask.Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions. Please download Farbar Recovery Scan Tool and save it to a flash drive.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Plug the flashdrive into the infected PC. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.If you are using... Read more

3 more replies
Answer Match 39.06%

I'm fixing someone's computer and I scanned with malware byte's anti malware. They have a few registry keys but one registry value.Is it safe to remove?

A:Registry Keys Infected. It Is It Safe To Delete Them?

What's the full path for this registry value?

13 more replies
Answer Match 39.06%

Hi all,

I had a Windows 7 installation on my old hard drive which got infected with rootkit.0access. I tried removing it with malwarebytes but it kept coming back. Also originally MB did get rid of a few other infections (successfully it seems). Anyway, I decided to abandon the windows installation and start again on a new solid state drive.

I've had the old HD unplugged since I did the new install. Is it safe to plug it in, boot to my new HD, do a scan, and start picking my files out? Obviously I won't run any programs from it...

Thanks peeps.

A:Old infected hard drive, safe to access?

It'll be safer to put that old hard drive in USB hard drive enclosure.Then..Install Panda USB Vaccine, or BitDefender?s USB Immunizer on your computer to protect it from any infected USB device.Now you'll be safe to plug USB enclosure in and scan the drive with your AV program.

1 more replies
Answer Match 39.06%

my computer is showing odd behaviour,menus keep blinking and it is difficult to watch a video because it gets forwarded on its own.suspecting a virus infection,i used combofix without supervision.however the problems i had earlier persists.is it safe to uninstall combofix without taking any action?

A:is it safe to uninstall combofix if your computer is infected?

Since you already ran Combofix due to malware infection, its log should be thoroughly reviewed by trained experts in order to ascertain what was detected/removed and what malware you're dealing with. A log should have been created and saved to the root directory, usually C:\ComboFix.txt.If I provide instructions on how to remove ComboFix, all that information will be lost and make it more difficult to disinfect your computer.Please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6.When you have done that, start a new topic and post the required logs to include your ComboFix log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.After doing this, please reply back in this thread with a link to the new topic so we can closed this one.

3 more replies
Answer Match 39.06%

Hi,
My computer is running windows 7 64bit and got infected with win32.sality.bh. I am not able to run any program except kaspersky. I had a full scan and removed all threats it could find but apparently the so called anti virus is not as powderful as it described. i still cant open any program. I tried to run in safe mode but cant do it without msconfig. any idea how can i run in safe mode? thanks in advance.

More replies
Answer Match 39.06%

Hello,

I'm using a spare computer to try and resolve an issue with my laptop.

Earlier I was using Firefox but Internet Explorer suddenly began to pop up. After a few tries using Task Master, I was able to shut off IE. But I wanted to search for any trojans or viruses and attempted to scan using Malwarebytes. This program shut down after a few seconds of scanning. When I attempted again, it said "Windows cannot access the specified device, path, or file."

I tried to run HijackThis in Safe Mode to try and get a log but got the exact same message as above about Windows not being able to access.

Any assistance would be GREATLY appreciated!
 

A:Badly Infected - Cannot Run HijackThis in Safe Mode

16 more replies
Answer Match 39.06%

I am available Mon - Thur, but will monitor my post and go to the computer if necessary over the weekend. This is an elderly woman's laptop done as a volunteer project and I will receive no compensation for my services.
 
I get redirected trying to go to bleeping computer and had to use safe mode to download and post.
 
Here is my log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17344
Run by Judy Gilman at 9:28:45 on 2014-11-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4008.3250 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wbem\wmiprvse.exe... Read more

A:Win 7 infected with redirect. Can only use Chrome in safe mode.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554855 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 39.06%

Hi all,

My computer started running verrrrrrrrrrrrry slowly two days ago. It's so slow that nothing is usable. I tried to do a system restore, but all restore points are gone before April 30. Restoring the April 30 restore point fails with an error.

Tried various spyware and rootkit removal software and nothing helps. Desperate...

Here's my HijackThis log:

Thanks! Bob

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:35 PM, on 5/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http... Read more

A:Computer infected? Only runs OK in safe mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as... Read more

2 more replies
Answer Match 39.06%

Hi Guys,

My WinXP Sony Vaio VGN-215M has been infected by what the Dr. Web demo identified as 'NTRootkit.83'. The first symptom I noticed was .EXE files starting to disappear, including my Norton Antivrus. Another problem I noticed is my wireless network connection has disappeared (no networks show up anymore).

I have tried a variety of tools including the McAffeee Rootkit tool beta, but it seems this one is still sticking around. Dr. Web support indicated I should reboot in safe mode and then run Dr. Web to remove it, BUT; when I try a reboot in any form of safe mode, it:

a) reboots
b) shows the loading screen, and then goes through a list of drivers on the bottom of the screen
c) reboots itself back into normal mode

So effectively I cannot reboot into safe mode.

I have output the following Hijackthis logfile, if this helps:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:25 PM, on 16/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Apoint\Apoint.exe
C:\Programme\ATI Technologies\ATI Co... Read more

A:Infected with NTRookit.83 - Can't reboot in safe mode

Still getting nowhere.

Installed Dr. Web antivirus, and just like my Norton, the .exe files for the program disappear. This is one nasty litte trojan.. please help!
 

1 more replies