
FreeFileViewer Remover

Discussion in 'Virus & Other Malware Removal' started by Zello, Feb 6, 2015.

Thread Status:
Not open for further replies.
  1. Zello

    Zello Thread Starter

    Joined:
    Mar 22, 2012
    Messages:
    79
    Hello all,

    I've installed FreeFileViewer onto my PC this morning in order to read a winmail.dat file. Well, now I'm getting all kinds of pop-up windows and ads. I'd like to remove FreeFileViewer, but before I do anything and make things worse, I thought I'd ask how to do it here in hopes that I can be advised how to do it safely.

    I'm running Windows 7 Professional (64 bit).

    Any help would be greatly appreciated!

    Zello
     
  2. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello, Zello. My nickname is Nevan and I will be helping you get your system back on its electronic feet.

    Before we get started, please keep these things in mind:

    • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
    • If your security programs give you any warnings when using the tools I asked you to use, don't be afraid. Every tool I provide to you is 100% safe.
    • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
    • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
    • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
    • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files from your machine before proceeding, as they might be lost.
    • I recommend that you stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore, it does not mean that it is 100% clean.
    • Every program I ask you to download should be saved to and run from the desktop. If you don't know how to choose the location where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
    • Remember that the fixes I give you are only for your machine. Using them on other systems may (and probably will) cause problems.
    • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
    Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

    Let's get started :)



    First, I'd like to have a look at your system. Please, do the following:

    FRST Scan

    1. Download Farbar Recovery Scan Tool and save it to your Desktop.
    2. Right-click FRST64.exe and click Run as administrator. When the tool opens, click Yes to the disclaimer.
    3. Make sure that Addition.txt is checked and press the Scan button.
    4. It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
    5. Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.


    Things that should appear in your next post:

    • FRST.txt log content
    • Addition.txt log content
     
  3. Zello

    Zello Thread Starter

    Joined:
    Mar 22, 2012
    Messages:
    79
    First of all, thank you for the quick response! Please see below the attached FRST and Addition log contents. Thank you for your help!

    Zello


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
    Ran by Felicia (administrator) on ZEFERINA-THINK on 06-02-2015 09:02:47
    Running from C:\Users\Felicia\Documents
    Loaded Profiles: Felicia (Available profiles: Felicia)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Lenovo.) C:\Windows\System32\TpShocks.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIBE.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
    () C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\PluginContainer.exe
    () C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\Updater.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    () C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Trusted Software ApS) C:\Program Files (x86)\File Type Assistant\tsassist.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-14] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
    HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
    HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
    HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [PerforMax Cleaner] => C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe [1589760 2014-12-05] ()
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-14] (Google Inc.)
    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2013-03-13] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\...\RunOnce: [Adobe Speed Launcher] => 1423224092
    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\...\MountPoints2: {5bfd765b-e671-11e1-a69f-806e6f6e6963} - Q:\LenovoQDrive.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://binkiland.com/?f=1&a=bnk_ir_...tGyC0CyDtBzzzyyC0FyBtB0CyE2Q&cr=249423420&ir=
    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAzy0C0BtDzyzzyC0C0FtDtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0Fzy0E0B0CyDtGtCyDyEyBtGyDtD0CtBtG0E0ByByBtGtCyDyC0D0A0A0BtA0DzyzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FtDzy0E0DtBtCtGyB0C0DtBtGyE0A0F0FtG0ByD0EzytGyC0CyDtBzzzyyC0FyBtB0CyE2Q&cr=249423420&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAzy0C0BtDzyzzyC0C0FtDtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0Fzy0E0B0CyDtGtCyDyEyBtGyDtD0CtBtG0E0ByByBtGtCyDyC0D0A0A0BtA0DzyzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FtDzy0E0DtBtCtGyB0C0DtBtGyE0A0F0FtG0ByD0EzytGyC0CyDtBzzzyyC0FyBtB0CyE2Q&cr=249423420&ir=
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1021047743-4109810985-2817472021-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS500
    SearchScopes: HKU\S-1-5-21-1021047743-4109810985-2817472021-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS500
    SearchScopes: HKU\S-1-5-21-1021047743-4109810985-2817472021-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS500
    SearchScopes: HKU\S-1-5-21-1021047743-4109810985-2817472021-1000 -> {AFF9B440-4BDD-460C-8849-DC8680953BEE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=6EC8AF03-C173-4981-9112-C4A5FD712FA2&apn_sauid=EE145563-01AE-4F38-AAAC-1DB74E4930B6
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll ()
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-1021047743-4109810985-2817472021-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

    FireFox:
    ========
    FF ProfilePath: C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\y4u55iyo.default
    FF DefaultSearchEngine: Google
    FF SearchEngineOrder.1: Ask.com
    FF SelectedSearchEngine: Binkiland
    FF Homepage: hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAzy0C0BtDzyzzyC0C0FtDtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0Fzy0E0B0CyDtGtCyDyEyBtGyDtD0CtBtG0E0ByByBtGtCyDyC0D0A0A0BtA0DzyzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FtDzy0E0DtBtCtGyB0C0DtBtGyE0A0F0FtG0ByD0EzytGyC0CyDtBzzzyyC0FyBtB0CyE2Q&cr=249423420&ir=
    FF Keyword.URL:
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\y4u55iyo.default\user.js
    FF SearchPlugin: C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\y4u55iyo.default\searchplugins\askcom.xml
    FF SearchPlugin: C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\y4u55iyo.default\searchplugins\Binkiland.xml
    FF Extension: Zotero - C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\y4u55iyo.default\Extensions\[email protected] [2013-08-15]
    FF Extension: Strong Signal - C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\y4u55iyo.default\Extensions\{629ac51d-702d-4c48-8a56-6d6a5061a41f}.xpi [2015-02-06]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-26]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2012-09-06]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2015-02-06]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-07]

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll No File
    CHR Plugin: (Norton Confidential) - C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll (Symantec Corporation)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Profile: C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Norton Security Toolbar) - C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-09-06]
    CHR Extension: (Google Wallet) - C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-13]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx [2012-08-14]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
    S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
    R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-14] (Realtek Semiconductor)
    R2 Service Mgr StrongSignal; C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe [549624 2015-02-06] ()
    R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
    R2 Update Mgr StrongSignal; C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [351992 2015-02-05] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-01] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-01] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-01] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-01] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-01] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-01] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-01] ()
    R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-09-04] (Symantec Corporation)
    R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
    R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-06] (Symantec Corporation)
    R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2014-01-24] (EldoS Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-09-09] (Symantec Corporation)
    R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121005.002\IDSvia64.sys [513184 2012-09-07] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121006.007\ENG64.SYS [126112 2012-10-06] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121006.007\EX64.SYS [2084000 2012-10-06] (Symantec Corporation)
    S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
    R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
    R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
    R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-08-14] (Symantec Corporation)
    R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
    R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)
    R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
    R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-06 09:02 - 2015-02-06 09:04 - 00028990 _____ () C:\Users\Felicia\Documents\FRST.txt
    2015-02-06 09:02 - 2015-02-06 09:02 - 00000000 ____D () C:\FRST
    2015-02-06 09:01 - 2015-02-06 09:01 - 02131968 _____ (Farbar) C:\Users\Felicia\Documents\FRST64.exe
    2015-02-06 07:36 - 2015-02-06 08:58 - 00000000 ____D () C:\Users\Felicia\AppData\Local\FreeFileViewer
    2015-02-06 07:33 - 2015-02-06 07:33 - 00554961 _____ () C:\Users\Felicia\Documents\winmail.dat
    2015-02-06 07:24 - 2015-02-06 07:38 - 00000000 ____D () C:\Users\Felicia\AppData\Local\FileTypeAssistant
    2015-02-06 07:24 - 2015-02-06 07:24 - 00003580 _____ () C:\Windows\System32\Tasks\ProgramRefresh-ATFST
    2015-02-06 07:24 - 2015-02-06 07:24 - 00002407 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerforMax Cleaner.lnk
    2015-02-06 07:24 - 2015-02-06 07:24 - 00002401 _____ () C:\Users\Public\Desktop\PerforMax Cleaner.lnk
    2015-02-06 07:24 - 2015-02-06 07:24 - 00000000 ____D () C:\Program Files (x86)\PerforMax Cleaner
    2015-02-06 07:23 - 2015-02-06 07:34 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
    2015-02-06 07:23 - 2015-02-06 07:23 - 00003914 _____ () C:\Windows\System32\Tasks\ProgramUpdateCheck
    2015-02-06 07:23 - 2015-02-06 07:23 - 00000000 ____D () C:\Users\Felicia\AppData\Local\IsolatedStorage
    2015-02-06 07:23 - 2015-02-06 07:23 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-06 07:22 - 2015-02-06 07:22 - 00003106 _____ () C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker
    2015-02-06 07:22 - 2015-02-06 07:22 - 00000406 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
    2015-02-06 07:22 - 2015-02-06 07:22 - 00000000 ____D () C:\Users\Felicia\AppData\Local\Binkiland
    2015-02-06 07:21 - 2015-02-06 07:22 - 00000000 ____D () C:\Program Files (x86)\FreeFileViewer
    2015-02-06 07:21 - 2015-02-06 07:21 - 00001890 _____ () C:\Users\Felicia\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
    2015-02-06 07:21 - 2015-02-06 07:21 - 00001866 _____ () C:\Users\Felicia\Desktop\WeatherBug®.lnk
    2015-02-06 07:21 - 2015-02-06 07:21 - 00001100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\FreeFileViewer.lnk
    2015-02-06 07:21 - 2015-02-06 07:21 - 00001094 _____ () C:\Users\Felicia\Desktop\FreeFileViewer.lnk
    2015-02-06 07:21 - 2015-02-06 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
    2015-02-06 07:21 - 2015-02-06 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
    2015-02-06 07:21 - 2015-02-06 07:21 - 00000000 ____D () C:\Program Files\Earth Networks
    2015-02-06 07:20 - 2015-02-06 07:21 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
    2015-02-06 07:20 - 2015-02-06 07:20 - 00000000 ____D () C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
    2015-02-06 07:20 - 2015-02-06 07:20 - 00000000 ____D () C:\Program Files (x86)\WSE_Binkiland
    2015-02-06 07:20 - 2015-02-06 07:20 - 00000000 ____D () C:\Program Files (x86)\Strong Signal
    2015-02-06 07:20 - 2015-02-06 07:18 - 18816752 _____ (Bitberry Software ) C:\Users\Felicia\Downloads\FreeFileViewerSetup.exe
    2015-02-06 07:17 - 2015-02-06 07:17 - 00798016 _____ (Web App Generic ) C:\Users\Felicia\Documents\FreeFileViewerDMSetup.exe
    2015-02-06 06:48 - 2015-02-06 06:48 - 00554961 _____ () C:\Users\Felicia\Documents\Guillermo.dat
    2015-02-04 22:30 - 2015-02-04 22:31 - 00000000 ____D () C:\116b5a665cd05f6991d2
    2015-02-04 19:00 - 2015-02-04 19:00 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2015-02-01 16:10 - 2015-02-01 16:10 - 00000000 ___RD () C:\Users\Felicia\Documents\SlideShow
    2015-02-01 15:47 - 2015-02-01 15:58 - 3756270023 _____ () C:\Users\Felicia\Documents\New Compressed (zipped) Folder.zip
    2015-02-01 15:44 - 2015-02-01 15:44 - 00000000 ____D () C:\Users\Felicia\Documents\InterVideo
    2015-02-01 15:38 - 2015-02-01 15:38 - 00000000 ____D () C:\Users\Felicia\AppData\Roaming\InterVideo
    2015-01-26 21:00 - 2015-01-26 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-22 14:52 - 2015-01-22 14:52 - 02992209 _____ () C:\Users\Felicia\Documents\ExpeditionSertao.zip
    2015-01-22 14:31 - 2015-01-22 20:58 - 46366973 _____ () C:\Users\Felicia\Documents\Dissertation Chapter Articles on Quilombos.zip
    2015-01-13 16:37 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 16:37 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 16:37 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 16:37 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 16:37 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-13 16:37 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-13 16:36 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-13 16:36 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-13 16:36 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-13 16:36 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-13 16:36 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-13 16:36 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-13 16:36 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-06 09:03 - 2009-07-13 22:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-06 09:03 - 2009-07-13 22:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-06 09:00 - 2012-09-09 06:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-06 08:30 - 2012-08-14 19:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-06 08:29 - 2012-08-14 18:40 - 02086816 _____ () C:\Windows\WindowsUpdate.log
    2015-02-06 06:01 - 2012-08-14 19:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-06 05:48 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-06 05:47 - 2009-07-13 22:51 - 00150156 _____ () C:\Windows\setupact.log
    2015-02-05 09:59 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2015-02-04 22:37 - 2014-02-25 23:30 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-02-04 22:37 - 2009-07-13 23:13 - 00775124 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-04 19:01 - 2012-09-09 06:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-04 19:00 - 2012-09-09 06:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-04 19:00 - 2012-09-09 06:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-04 06:11 - 2012-10-07 05:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-02-03 18:14 - 2012-08-14 19:10 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-03 18:14 - 2012-08-14 19:10 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-01 16:05 - 2013-08-02 13:03 - 00000000 ____D () C:\Users\Felicia\AppData\Local\CrashDumps
    2015-02-01 15:37 - 2012-08-14 19:02 - 00000000 ____D () C:\ProgramData\InterVideo
    2015-01-27 06:06 - 2012-09-09 05:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-24 05:49 - 2014-10-12 13:22 - 00000000 ____D () C:\Users\Felicia\AppData\Local\Adobe
    2015-01-13 22:33 - 2013-08-01 21:30 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-13 22:24 - 2012-09-09 20:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-11 20:15 - 2013-03-22 15:19 - 00000000 ____D () C:\Users\Felicia\Documents\Felicia Ann Bradley

    Some content of TEMP:
    ====================
    C:\Users\Felicia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8gmcbp.dll
    C:\Users\Felicia\AppData\Local\Temp\edsetup.exe
    C:\Users\Felicia\AppData\Local\Temp\ffsetup.exe
    C:\Users\Felicia\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Felicia\AppData\Local\Temp\ose00000.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-26 07:12

    ==================== End Of Log ============================





    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
    Ran by Felicia at 2015-02-06 09:05:27
    Running from C:\Users\Felicia\Documents
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
    Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)
    Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
    Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
    Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
    CRON-O-METER 0.9.9 (HKLM-x32\...\CRON-O-METER) (Version: 0.9.9 - spaz.ca)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Dropbox (HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
    Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version: - SEIKO EPSON Corporation)
    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
    File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.3.25.0 - ) <==== ATTENTION
    Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Integrated Camera (HKLM\...\Integrated Camera) (Version: 5.50.2.7 - Silicon Motion)
    Integrated Camera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.50.2.7 - Silicon Motion)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.199 - InterVideo Inc.)
    InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
    iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
    Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
    Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
    Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
    Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
    Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
    Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
    Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
    LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.1.0.28 - Symantec Corporation)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
    Online Plug-in (x32 Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden
    PerforMax Cleaner (HKLM-x32\...\{918813b3-de2f-404c-9f62-4652a8493f2c}) (Version: 1.0.0.0 - OneBit IT)
    PerforMax Cleaner (x32 Version: 1.0.0.0 - OneBit IT) Hidden
    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
    Self-service Plug-in (x32 Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden
    Software Updater (HKLM-x32\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION)
    Strong Signal (HKLM-x32\...\Strong Signal) (Version: 2.0.5514.42369 - Strong Signal)
    System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
    ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.60.0.4 - )
    ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.19.0 - )
    ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.5 - REALTEK Semiconductor Corp.)
    ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
    ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.43 - Lenovo)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
    Windows Driver Package - Intel (iaStor) hdc (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
    Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
    Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
    Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
    Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
    Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
    Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
    Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (HKLM\...\03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)
    Windows Driver Package - Synaptics (SynTP) Mouse (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WSE_Binkiland (HKLM-x32\...\WSE_Binkiland) (Version: - WSE_Binkiland)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1021047743-4109810985-2817472021-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felicia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1021047743-4109810985-2817472021-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felicia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1021047743-4109810985-2817472021-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felicia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1021047743-4109810985-2817472021-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felicia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    13-01-2015 16:35:48 Windows Update
    13-01-2015 22:22:33 Windows Update
    20-01-2015 06:34:08 Windows Update
    27-01-2015 03:56:31 Windows Update
    30-01-2015 05:39:36 Windows Update
    03-02-2015 03:06:58 Windows Update
    04-02-2015 22:29:01 Windows Update
    06-02-2015 05:55:42 Windows Update
    06-02-2015 07:20:33 PerforMax Cleaner

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0E3C52FB-1906-4B01-97E3-AEA335AFE10F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
    Task: {296E9BC3-83AC-438A-907B-5653540B342A} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
    Task: {2AAB3896-61F7-47C2-B778-9816B6A7A954} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2014-03-25] (Trusted Software ApS) <==== ATTENTION
    Task: {6393F978-80E0-45BE-97A6-10B8A28FDDBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {8D0B83D9-641B-4DE8-B166-45FF8D19796C} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
    Task: {A84CAFF7-E262-4467-A507-356430F91EC5} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2014-04-04] ( ) <==== ATTENTION
    Task: {BBD6B603-E9DD-48B3-AEB2-B36FFE38F1EB} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
    Task: {D9DC515C-ABD9-4AF4-BA8F-7BE00EA03FB8} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
    Task: {DA5CB106-9CF8-4192-AD88-2DD53AA720F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {DF409233-10D1-442D-BB79-E9CE3DA06826} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
    Task: {E6CB1F34-6B0E-46F8-98EA-4646698B2F46} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe [2011-08-13] (Symantec Corporation)
    Task: {F0414682-A427-4B96-A535-B4A0C24B4D01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {FB38E73F-1F50-4568-9188-7B5DFC1B8882} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2012-08-14 18:51 - 2010-08-24 12:30 - 00038912 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
    2012-08-14 18:24 - 2011-03-24 04:48 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
    2010-11-29 03:34 - 2010-11-29 03:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2009-05-27 23:09 - 2009-05-27 23:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
    2015-02-06 00:32 - 2015-02-06 00:32 - 00549624 ____N () C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe
    2015-02-05 23:32 - 2015-02-05 23:32 - 00351992 ____N () C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe
    2014-12-05 03:36 - 2014-12-05 03:36 - 01589760 _____ () C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe
    2014-08-01 04:18 - 2014-08-01 04:18 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2015-02-05 18:55 - 2015-02-05 18:55 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-08-01 04:18 - 2014-08-01 04:18 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-01-26 21:00 - 2015-01-26 21:00 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2015-02-04 19:00 - 2015-02-04 19:00 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
    2012-08-14 18:46 - 2009-10-23 19:50 - 00326144 _____ () C:\Windows\system32\370prop.ax
    2015-02-06 07:23 - 2008-10-15 16:44 - 00205312 _____ () C:\Program Files (x86)\File Type Assistant\itdownload.dll
    2012-09-23 19:43 - 2012-09-23 19:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
    2012-12-18 13:08 - 2012-12-18 13:08 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Felicia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1021047743-4109810985-2817472021-500 - Administrator - Disabled)
    Felicia (S-1-5-21-1021047743-4109810985-2817472021-1000 - Administrator - Enabled) => C:\Users\Felicia
    Guest (S-1-5-21-1021047743-4109810985-2817472021-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1021047743-4109810985-2817472021-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/06/2015 08:11:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 16442

    Error: (02/06/2015 08:11:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 16442

    Error: (02/06/2015 08:11:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/06/2015 08:11:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15397

    Error: (02/06/2015 08:11:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15397

    Error: (02/06/2015 08:11:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/06/2015 08:11:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 14399

    Error: (02/06/2015 08:11:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 14399

    Error: (02/06/2015 08:11:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/06/2015 08:11:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13400


    System errors:
    =============
    Error: (02/06/2015 08:29:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

    Error: (02/06/2015 08:28:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Lenovo.VIRTSCRLSVC service.

    Error: (02/05/2015 10:15:58 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

    Error: (02/05/2015 10:15:51 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

    Error: (02/05/2015 10:15:24 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

    Error: (02/05/2015 01:46:03 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

    Error: (02/05/2015 01:45:36 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

    Error: (02/05/2015 01:45:01 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

    Error: (02/05/2015 03:57:41 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:37:25 PM on 2/4/2015 was unexpected.

    Error: (02/04/2015 10:28:43 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
    Percentage of memory in use: 87%
    Total physical RAM: 1908.55 MB
    Available physical RAM: 241.8 MB
    Total Pagefile: 3817.1 MB
    Available Pagefile: 1307.5 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:284.91 GB) (Free:207.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:3.16 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B70F5310)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=284.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  4. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    A short question before we proceed...

    I've noticed that you have both Norton Internet Security and Avast installed, but Norton seems to be disabled. Does it mean that your paid subscription on it has ended? If so, do you plan on renewing it? Or maybe you want to stick with Avast?
     
  5. Zello

    Zello Thread Starter

    Joined:
    Mar 22, 2012
    Messages:
    79
    I think that I intend to stick with Avast (I'm not sure which is better, I'm just used to Avast by now).
     
  6. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello, Zello.

    Please tell me if the infection is still present after performing the following instructions.

    Step #1
    Uninstalling Norton Security Suite

    1. Please download Norton Removal Tool to your desktop.
    2. Double-click Norton_Removal_Tool.exe and follow the on-screen instructions.
    3. After the uninstalling process is complete, restart your computer.



    Step #2
    FRST Fix

    1. Download attached fixlist.txt file to your desktop.
      >> fixlist.txt <<
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    2. Right-click FRST64.exe on your desktop and click Run as administrator. When the tool opens, click Yes to the disclaimer.
    3. Press the Fix button just once and wait.
      NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
    4. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    5. When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.



    Step #3
    Uninstall programs

    Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:

    • File Type Assistant
    • Free File Viewer 2014
    • PerforMax Cleaner
    • PerforMax Cleaner (there should be two of them - if there's only one, uninstall it)
    • Strong Signal
    • WSE_Binkiland

    Optional programs to uninstall:

    • WeatherBug® (if you don't know what it is)



    Things that should appear in your next post:

    • Fixlog.txt log content
    • Please tell me if you have successfully installed all the programs I've asked you to uninstall (including Norton)
    • Please tell me if the infection is still present
     

  7. Zello

    Zello Thread Starter

    Joined:
    Mar 22, 2012
    Messages:
    79
    Nevan,

    Please find below the fixlog content, followed by a recounting of the current status of the computer. Thank you.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
    Ran by Felicia at 2015-02-06 19:20:38 Run:1
    Running from C:\Users\Felicia\Documents
    Loaded Profiles: Felicia (Available profiles: Felicia)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [PerforMax Cleaner] => C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe [1589760 2014-12-05] ()
    C:\Program Files (x86)\PerforMax Cleaner
    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://binkiland.com/?f=1&a=bnk_ir_1...=249423420&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyByE0EyDy EtAzy0C0BtDzyzzyC0C0FtDtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyE tBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0Fzy0E0B0CyDtGtCyDyEyBtGyDtD0CtBtG0 E0ByByBtGtCyDyC0D0A0A0BtA0DzyzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FtDzy0E0DtBtC tGyB0C0DtBtGyE0A0F0FtG0ByD0EzytGyC0CyDtBzzzyyC0FyBtB0CyE2Q&cr=249423420&ir=
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL
    SearchScopes: HKU\S-1-5-21-1021047743-4109810985-2817472021-1000 -> {AFF9B440-4BDD-460C-8849-DC8680953BEE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_ dtid=OSJ000&apn_uid=6EC8AF03-C173-4981-9112-C4A5FD712FA2&apn_sauid=EE145563-01AE-4F38-AAAC-1DB74E4930B6
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
    C:\Program Files (x86)\Norton Internet Security
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll ()
    C:\Program Files (x86)\Strong Signal
    FF SelectedSearchEngine: Binkiland
    FF Homepage: hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAzy0C0BtDzyzzyC0C0FtDtN0D 0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2 Y1L1Qzu2SyDtB0Fzy0E0B0CyDtGtCyDyEyBtGyDtD0CtBtG0E0ByByBtGtCyDyC0D0A0A0BtA0D zyzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FtDzy0E0DtBtCtGyB0C0DtBtGyE0A0F0FtG0ByD0 EzytGyC0CyDtBzzzyyC0FyBtB0CyE2Q&cr=249423420&ir=
    FF user.js: detected! => C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\y4u55iyo.default\ user.js
    FF Extension: Strong Signal - C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\y4u55iyo.default\ Extensions\{629ac51d-702d-4c48-8a56-6d6a5061a41f}.xpi [2015-02-06]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2012-09-06]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2015-02-06]
    CHR Plugin: (Norton Confidential) - C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npco plgn.dll (Symantec Corporation)
    CHR Extension: (Norton Security Toolbar) - C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-09-06]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx [2012-08-14]
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
    R2 Service Mgr StrongSignal; C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe [549624 2015-02-06] ()
    C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
    R2 Update Mgr StrongSignal; C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [351992 2015-02-05] ()
    C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce
    R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-09-04] (Symantec Corporation)
    R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
    R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-06] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-09-09] (Symantec Corporation)
    R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121005.002\IDSvia64.sys [513184 2012-09-07] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121006.007\ENG64.SYS [126112 2012-10-06] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121006.007\EX64.SYS [2084000 2012-10-06] (Symantec Corporation)
    S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
    R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
    R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
    R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-08-14] (Symantec Corporation)
    R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
    R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)
    2015-02-06 07:36 - 2015-02-06 08:58 - 00000000 ____D () C:\Users\Felicia\AppData\Local\FreeFileViewer
    2015-02-06 07:24 - 2015-02-06 07:38 - 00000000 ____D () C:\Users\Felicia\AppData\Local\FileTypeAssistant
    2015-02-06 07:24 - 2015-02-06 07:24 - 00003580 _____ () C:\Windows\System32\Tasks\ProgramRefresh-ATFST
    2015-02-06 07:24 - 2015-02-06 07:24 - 00002407 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerforMax Cleaner.lnk
    2015-02-06 07:24 - 2015-02-06 07:24 - 00002401 _____ () C:\Users\Public\Desktop\PerforMax Cleaner.lnk
    2015-02-06 07:24 - 2015-02-06 07:24 - 00000000 ____D () C:\Program Files (x86)\PerforMax Cleaner
    2015-02-06 07:23 - 2015-02-06 07:34 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
    2015-02-06 07:23 - 2015-02-06 07:23 - 00003914 _____ () C:\Windows\System32\Tasks\ProgramUpdateCheck
    2015-02-06 07:23 - 2015-02-06 07:23 - 00000000 ____D () C:\Users\Felicia\AppData\Local\IsolatedStorage
    2015-02-06 07:23 - 2015-02-06 07:23 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-06 07:22 - 2015-02-06 07:22 - 00003106 _____ () C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker
    2015-02-06 07:22 - 2015-02-06 07:22 - 00000406 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
    2015-02-06 07:22 - 2015-02-06 07:22 - 00000000 ____D () C:\Users\Felicia\AppData\Local\Binkiland
    2015-02-06 07:21 - 2015-02-06 07:22 - 00000000 ____D () C:\Program Files (x86)\FreeFileViewer
    2015-02-06 07:21 - 2015-02-06 07:21 - 00001890 _____ () C:\Users\Felicia\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
    2015-02-06 07:21 - 2015-02-06 07:21 - 00001100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\FreeFileViewer.lnk
    2015-02-06 07:21 - 2015-02-06 07:21 - 00001094 _____ () C:\Users\Felicia\Desktop\FreeFileViewer.lnk
    2015-02-06 07:21 - 2015-02-06 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
    2015-02-06 07:20 - 2015-02-06 07:21 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
    2015-02-06 07:20 - 2015-02-06 07:20 - 00000000 ____D () C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
    2015-02-06 07:20 - 2015-02-06 07:20 - 00000000 ____D () C:\Program Files (x86)\WSE_Binkiland
    2015-02-06 07:20 - 2015-02-06 07:20 - 00000000 ____D () C:\Program Files (x86)\Strong Signal
    2015-02-06 07:20 - 2015-02-06 07:18 - 18816752 _____ (Bitberry Software ) C:\Users\Felicia\Downloads\FreeFileViewerSetup.exe
    2015-02-06 07:17 - 2015-02-06 07:17 - 00798016 _____ (Web App Generic ) C:\Users\Felicia\Documents\FreeFileViewerDMSetup.exe
    Task: {296E9BC3-83AC-438A-907B-5653540B342A} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
    C:\Program Files (x86)\FreeFileViewer
    Task: {2AAB3896-61F7-47C2-B778-9816B6A7A954} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2014-03-25] (Trusted Software ApS) <==== ATTENTION
    Task: {A84CAFF7-E262-4467-A507-356430F91EC5} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2014-04-04] ( ) <==== ATTENTION
    Task: {BBD6B603-E9DD-48B3-AEB2-B36FFE38F1EB} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
    Task: {DF409233-10D1-442D-BB79-E9CE3DA06826} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
    Task: {E6CB1F34-6B0E-46F8-98EA-4646698B2F46} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe [2011-08-13] (Symantec Corporation)
    Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    2014-12-05 03:36 - 2014-12-05 03:36 - 01589760 _____ () C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe
    2015-02-06 07:23 - 2008-10-15 16:44 - 00205312 _____ () C:\Program Files (x86)\File Type Assistant\itdownload.dll
    EmptyTemp:
    CMD: bitsadmin /reset /allusers
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PerforMax Cleaner => value deleted successfully.
    C:\Program Files (x86)\PerforMax Cleaner => Moved successfully.
    HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL => Value not found.
    "HKU\S-1-5-21-1021047743-4109810985-2817472021-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFF9B440-4BDD-460C-8849-DC8680953BEE}" => Key deleted successfully.
    HKCR\CLSID\{AFF9B440-4BDD-460C-8849-DC8680953BEE} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => Key not found.
    HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => Key not found.
    "C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => Key not found.
    HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
    HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c723a437-2eaf-466d-a95b-3fa0966bf88c}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{c723a437-2eaf-466d-a95b-3fa0966bf88c}" => Key deleted successfully.
    C:\Program Files (x86)\Strong Signal => Moved successfully.
    Firefox SelectedSearchEngine deleted successfully.
    Firefox homepage deleted successfully.
    C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\y4u55iyo.default\ user.js not found.
    C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\y4u55iyo.default\ Extensions\{629ac51d-702d-4c48-8a56-6d6a5061a41f}.xpi not found.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} => Value not found.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn not found.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} => Value not found.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn not found.
    C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npco plgn.dll not found.
    C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Moved successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Key not found.
    "C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx" => File/Directory not found.
    NIS => Service not found.
    Service Mgr StrongSignal => Service deleted successfully.
    C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce => Moved successfully.
    Update Mgr StrongSignal => Service deleted successfully.
    C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce => Moved successfully.
    BHDrvx64 => Service not found.
    ccSet_NIS => Service not found.
    eeCtrl => Service not found.
    EraserUtilRebootDrv => Service not found.
    IDSVia64 => Service not found.
    NAVENG => Service not found.
    NAVEX15 => Service not found.
    SRTSP => Service not found.
    SRTSPX => Service not found.
    SymDS => Service not found.
    SymEFA => Service not found.
    SymEvent => Service not found.
    SymIRON => Service not found.
    SymNetS => Service not found.
    C:\Users\Felicia\AppData\Local\FreeFileViewer => Moved successfully.
    C:\Users\Felicia\AppData\Local\FileTypeAssistant => Moved successfully.
    C:\Windows\System32\Tasks\ProgramRefresh-ATFST => Moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerforMax Cleaner.lnk => Moved successfully.
    C:\Users\Public\Desktop\PerforMax Cleaner.lnk => Moved successfully.
    "C:\Program Files (x86)\PerforMax Cleaner" => File/Directory not found.
    C:\Program Files (x86)\File Type Assistant => Moved successfully.
    C:\Windows\System32\Tasks\ProgramUpdateCheck => Moved successfully.
    C:\Users\Felicia\AppData\Local\IsolatedStorage => Moved successfully.
    C:\ProgramData\Package Cache => Moved successfully.
    C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => Moved successfully.
    C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => Moved successfully.
    C:\Users\Felicia\AppData\Local\Binkiland => Moved successfully.
    C:\Program Files (x86)\FreeFileViewer => Moved successfully.
    C:\Users\Felicia\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk => Moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\FreeFileViewer.lnk => Moved successfully.
    C:\Users\Felicia\Desktop\FreeFileViewer.lnk => Moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer => Moved successfully.
    C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6} => Moved successfully.
    "C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce" => File/Directory not found.
    C:\Program Files (x86)\WSE_Binkiland => Moved successfully.
    "C:\Program Files (x86)\Strong Signal" => File/Directory not found.
    C:\Users\Felicia\Downloads\FreeFileViewerSetup.exe => Moved successfully.
    C:\Users\Felicia\Documents\FreeFileViewerDMSetup.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{296E9BC3-83AC-438A-907B-5653540B342A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{296E9BC3-83AC-438A-907B-5653540B342A}" => Key deleted successfully.
    C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker" => Key deleted successfully.
    "C:\Program Files (x86)\FreeFileViewer" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2AAB3896-61F7-47C2-B778-9816B6A7A954}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AAB3896-61F7-47C2-B778-9816B6A7A954}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ProgramUpdateCheck not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A84CAFF7-E262-4467-A507-356430F91EC5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A84CAFF7-E262-4467-A507-356430F91EC5}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ProgramRefresh-ATFST not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBD6B603-E9DD-48B3-AEB2-B36FFE38F1EB}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBD6B603-E9DD-48B3-AEB2-B36FFE38F1EB}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF409233-10D1-442D-BB79-E9CE3DA06826}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF409233-10D1-442D-BB79-E9CE3DA06826}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6CB1F34-6B0E-46F8-98EA-4646698B2F46}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6CB1F34-6B0E-46F8-98EA-4646698B2F46}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Norton WSC Integration => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => Key deleted successfully.
    C:\Windows\Tasks\FreeFileViewerUpdateChecker.job not found.
    "C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe" => File/Directory not found.
    "C:\Program Files (x86)\File Type Assistant\itdownload.dll" => File/Directory not found.

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Unable to cancel {1CE9A54F-B5EC-4BD2-AE9B-4131FBE601FF}.
    0 out of 1 jobs canceled.

    ========= End of CMD: =========

    EmptyTemp: => Removed 1.8 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 19:24:49 ====






    As for the uninstall, I uninstalled the programs you asked me to (including weatherbug), but for most of them, a message came up saying that the program had already been uninstalled and asking if I wanted to remove the name from the program list, so I removed them.

    I then rebooted the computer and the desktop icons for performax and file viewer are gone, and the binkiland home page no longer comes up. However, I do still get the strong ad pop ups and any time I click on a search term, it opens in a new tab. So it would appear that the infection isn't totally gone.
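The Fixlog above mixes three kinds of result: items the fix removed, items that were already gone when it ran, and actions that did not complete. The sketch below is an added example, not part of the original posts and not FRST's own code; it sorts result lines into those three groups using only the status phrases that appear in this thread's log, and the sample input is constructed from lines in that log.

```python
import re

# Constructed sample: result lines in the shape of the Fixlog posted above.
SAMPLE_FIXLOG = r'''
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PerforMax Cleaner => value deleted successfully.
C:\Program Files (x86)\PerforMax Cleaner => Moved successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.
NIS => Service not found.
Service Mgr StrongSignal => Service deleted successfully.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker not found.
Firefox homepage deleted successfully.
Unable to cancel {1CE9A54F-B5EC-4BD2-AE9B-4131FBE601FF}.
0 out of 1 jobs canceled.
EmptyTemp: => Removed 1.8 GB temporary data.
'''

# Status phrases observed in this thread's Fixlog (assumption: other FRST
# versions may word their results differently).
REMOVED = re.compile(r"(deleted|moved|restored) successfully\.$|=> Removed ", re.I)
ABSENT = re.compile(r"not found\.$", re.I)
FAILED = re.compile(r"^Unable to ", re.I)
JOBS = re.compile(r"^(\d+) out of (\d+) jobs canceled\.$")
TRAILING_STATUS = re.compile(r"\s+(not found|deleted successfully)\.$", re.I)


def classify(line):
    """Return 'removed', 'absent', 'failed', or None for banner/other lines."""
    line = line.strip()
    if not line:
        return None
    jobs = JOBS.match(line)
    if jobs:
        # bitsadmin summary: fewer jobs canceled than listed means leftovers.
        return "failed" if int(jobs.group(1)) < int(jobs.group(2)) else "removed"
    if FAILED.search(line):
        return "failed"
    if ABSENT.search(line):
        return "absent"
    if REMOVED.search(line):
        return "removed"
    return None


def target_of(line):
    """Extract the artifact a result line refers to."""
    line = line.strip()
    head, sep, _ = line.partition(" => ")
    if not sep:
        # Lines such as '<path> not found.' carry no '=>' separator.
        head = TRAILING_STATUS.sub("", line)
    return head.strip().strip('"')


def kind_of(target):
    """Rough artifact type: registry path, file-system path, or other."""
    if re.match(r"^(HKLM|HKU|HKCR)\b", target):
        return "registry"
    if re.match(r"^[A-Za-z]:\\", target):
        return "file"
    return "other"  # service names, browser settings, tool messages


def triage(text):
    """Group Fixlog result lines by outcome as (kind, target) pairs."""
    result = {"removed": [], "absent": [], "failed": []}
    for raw in text.splitlines():
        status = classify(raw)
        if status is None:
            continue
        target = target_of(raw)
        result[status].append((kind_of(target), target))
    return result


if __name__ == "__main__":
    for status, items in triage(SAMPLE_FIXLOG).items():
        print(f"{status}: {len(items)}")
        for kind, target in items:
            print(f"  [{kind}] {target}")
```

Entries under `absent` were named in the fixlist but were no longer present when the fix ran; entries under `failed` are the ones to re-check in the next scan.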
     
  8. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello, Zello.

    Let's try something else. Please tell me if that gets rid of the problem.

    Step #1
    Junkware Removal Tool

    1. Download Junkware Removal Tool to your Desktop
    2. Close any open windows
    3. Disable your Antivirus program (click here if you don't know how to do this)
    4. Double click JRT.exe on your desktop to run it
    5. Click any button to start the scan
    6. Wait for Junkware Removal Tool to finish the scan
    7. When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
    8. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.



    Step #2
    AdwCleaner

    1. Download AdwCleaner to your Desktop.
    2. Close any open windows
    3. Double click AdwCleaner.exe on your desktop to run it
    4. Click the [​IMG] button
    5. Wait for AdwCleaner to finish the scan
    6. When the scan is finished, there will be a "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click the [IMG] button.
    7. When the cleaning is finished, the program will ask you to reboot the system. Please do so.
    8. Once your machine has rebooted, a Notepad window will be opened. If it isn't, you can find the report in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
    9. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

    Remember to enable your Antivirus program once you're done!



    Things that should appear in your next post:

    • JRT.txt log content
    • AdwCleaner[S0].txt log content
    • Are the popups still appearing?
     
  9. Zello

    Zello Thread Starter

    Joined:
    Mar 22, 2012
    Messages:
    79
    Nevan,

    Here are the logs...



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Professional x64
    Ran by Felicia on Sat 02/07/2015 at 10:22:18.51
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\weatherbug



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\partner"
    Successfully deleted: [Folder] "C:\ProgramData\ask"
    Successfully deleted: [Empty Folder] C:\Users\Felicia\appdata\local\{33CCF1B6-DEE2-44E9-B30E-7F18CE05D0DA}
    Successfully deleted: [Empty Folder] C:\Users\Felicia\appdata\local\{5BF85700-B6FA-4C47-883A-2A26565369B6}
    Successfully deleted: [Empty Folder] C:\Users\Felicia\appdata\local\{A6582981-AAB9-4BB2-B81B-6FC0DA43FC9C}
    Successfully deleted: [Empty Folder] C:\Users\Felicia\appdata\local\{C2DBD031-67C9-472C-BE43-6B333058387C}



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Felicia\AppData\Roaming\mozilla\firefox\profiles\y4u55iyo.default\user.js
    Successfully deleted: [File] C:\Users\Felicia\AppData\Roaming\mozilla\firefox\profiles\y4u55iyo.default\searchplugins\askcom.xml
    Successfully deleted the following from C:\Users\Felicia\AppData\Roaming\mozilla\firefox\profiles\y4u55iyo.default\prefs.js

    user_pref("browser.search.hiddenOneOffs", "Binkiland,Amazon.com,Ask.com,DuckDuckGo,eBay,Twitter");
    user_pref("browser.search.order.1", "Ask.com");
    Emptied folder: C:\Users\Felicia\AppData\Roaming\mozilla\firefox\profiles\y4u55iyo.default\minidumps [480 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 02/07/2015 at 10:28:15.89
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






    # AdwCleaner v4.110 - Logfile created 07/02/2015 at 10:34:51
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-05.2 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Felicia - ZEFERINA-THINK
    # Running from : C:\Users\Felicia\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    Key Deleted : HKCU\Software\Bitberry Software
    Key Deleted : HKCU\Software\Bitberry
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\FileTypeAssistant
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKLM\SOFTWARE\Conduit
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    -\\ Google Chrome v40.0.2214.111

    [C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [2005 bytes] - [07/02/2015 10:33:02]
    AdwCleaner[S0].txt - [1728 bytes] - [07/02/2015 10:34:51]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1787 bytes] ##########



    As for the pop up ads, they're still happening. I get Strong ads pop ups as well as a list of Strong ads at the top of my google search results page.

    Thank you for your help.
     
  10. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello, Zello.

    Could you tell me if the problem occurs only with Google Chrome or with all browsers?

    Let's try something different. As always, please inform me if the popups are still appearing after performing the following instructions.

    Step #1
    Malwarebytes Anti-Malware

    1. Download Malwarebytes Anti-Malware to your Desktop
    2. Double click the file to open it. Install the program.
    3. Before you click Finish, make sure that:
      • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
      • Launch Malwarebytes Anti-Malware is checked
    4. In Database version section, click Update Now
    5. Once the update is done, click Settings>Detection and Protection
    6. Make sure that all three boxes under Detection Options are checked
      [​IMG]
    7. Go back to Dashboard and click the big, green Scan Now button.
    8. Wait for Malwarebytes Anti-Malware to finish the scan
    9. If the program detects anything, click the [IMG] button. The program might want to reboot the system. Allow it if it wants to.
    10. Once the deletion is done (or after reboot), go to History and double click the last Scan Log.
    11. Click the [​IMG] button.
    12. Paste (CTRL+V) the log into your next reply.



    Step #2
    ESET Online Scanner

    • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox

    1. Disable your Antivirus program (click here if you don't know how to do this).
    2. Visit ESET site
    3. Click [​IMG]
    4. When using:
      • Internet Explorer:
        • Accept the Terms of Use and click Start
        • Allow the running of add-on
      • Other browsers:
        • Download esetsmartinstaller_enu.exe that you'll be given link to
        • Double click esetsmartinstaller_enu.exe
        • Allow the Terms of Use and click Start
    5. Make sure that:
      • Enable detection of potentially unwanted applications is checked
      • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
      [​IMG]
    6. Click Start
    7. The program will begin to download its virus database. The speed may vary depending on your Internet connection.
    8. When completed, the program will begin to scan. This may take several hours. Please, be patient.
    9. Do not do anything on your machine as it may interrupt the scan
    10. When the scan is done, click Finish
    11. A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
    12. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

    Remember to enable your Antivirus program once you're done!



    Things that should appear in your next post:

    • Malwarebytes Anti-Malware log content
    • ESET Online Scanner log content
    • Please tell me if the popups are still appearing. If they are, what browsers are affected?
     
  11. Zello

    Zello Thread Starter

    Joined:
    Mar 22, 2012
    Messages:
    79
    Nevan,

    The pop ups are still here (by Strong Ads), but only seem to affect Mozilla Firefox. I don't see them in Chrome or Internet Explorer.

    Here are the logs...

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/7/2015
    Scan Time: 7:07:18 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.08.01
    Rootkit Database: v2015.02.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Felicia

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 344340
    Time Elapsed: 28 min, 52 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 2
    PUP.Optional.StrongSignal.A, C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk, Quarantined, [8f83a377c2c8f6400be68ff659aa6997],
    PUP.Optional.StrongSignal.A, C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0, Quarantined, [8f83a377c2c8f6400be68ff659aa6997],

    Files: 7
    PUP.Optional.SoftPulse, C:\Users\Felicia\AppData\Local\Temp\X0BQfgYh.exe.part, Quarantined, [22f096842466a88e2d49e585b0509769],
    PUP.Optional.StrongSignal.A, C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\background.js, Quarantined, [8f83a377c2c8f6400be68ff659aa6997],
    PUP.Optional.StrongSignal.A, C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\content.js, Quarantined, [8f83a377c2c8f6400be68ff659aa6997],
    PUP.Optional.StrongSignal.A, C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\icon.png, Quarantined, [8f83a377c2c8f6400be68ff659aa6997],
    PUP.Optional.StrongSignal.A, C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbclklbfcinjjelmpfncldpoempfmmk\1.0.5513.30266_0\manifest.json, Quarantined, [8f83a377c2c8f6400be68ff659aa6997],
    PUP.Optional.Binkiland.A, C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAzy0C0BtDzyzzyC0C0FtDtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0Fzy0E0B0CyDtGtCyDyEyBtGyDtD0CtBtG0E0ByByBtGtCyDyC0D0A0A0BtA0DzyzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FtDzy0E0DtBtCtGyB0C0DtBtGyE0A0F0FtG0ByD0EzytGyC0CyDtBzzzyyC0FyBtB0CyE2Q&cr=249423420&ir=",), Replaced,[937f60baef9b171f5a4d49abc73ee020]
    PUP.Optional.Binkiland.A, C:\Users\Felicia\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://binkiland.com/?f=7&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAzy0C0BtDzyzzyC0C0FtDtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0Fzy0E0B0CyDtGtCyDyEyBtGyDtD0CtBtG0E0ByByBtGtCyDyC0D0A0A0BtA0DzyzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FtDzy0E0DtBtCtGyB0C0DtBtGyE0A0F0FtG0ByD0EzytGyC0CyDtBzzzyyC0FyBtB0CyE2Q&cr=249423420&ir=", "http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP" ],), Replaced,[de34fd1dbfcb8aac39700fe59b6ac13f]

    Physical Sectors: 0
    (No malicious items detected)


    (end)








    [email protected] as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=c834ffffbb6e7b47b62fd1a3e98a6e90
    # engine=22359
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2015-02-08 12:03:40
    # local_time=2015-02-08 06:03:40 (-0600, Central Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1='avast! Antivirus'
    # compatibility_mode=783 16777213 100 97 4783252 186899510 0 0
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776573 100 94 0 174940470 0 0
    # scanned=157883
    # found=11
    # cleaned=0
    # scan_time=27515
    sh=CFBDCFE4395D68A5CABE198DAAF92E8E13991620 ft=1 fh=836931bc529fcb96 vn="a variant of Win32/BrowseFox.AD potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.bak"
    sh=FA399A74E1D037E836E0E386AF8FE62C1E14D0D9 ft=1 fh=c6b5d98ab23f6683 vn="Win32/FileTypeAssistant.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\File Type Assistant\ftacfg.exe"
    sh=DA54389EA063F8D7A26E3CB39AA09032E4DBD213 ft=1 fh=1513796eda21ce86 vn="a variant of Win32/FileTypeAssistant.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\File Type Assistant\TSASetup.exe"
    sh=E4B53197028C27F573FCC33643DE8BC78225A1FD ft=1 fh=80f3fc0f71a40278 vn="a variant of Win32/FileTypeAssistant.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\File Type Assistant\tsassist.exe"
    sh=328CA8A09C8AF77427C59B95083DFA4BF2A077EB ft=1 fh=2a35911cb49cb0f4 vn="a variant of Win32/BrowseFox.AD potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.bak"
    sh=AEB6BBD2E5CDAA15AE20DDD0930ACE063A81E44F ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.res"
    sh=CD353E2AAD1CF34595C66864215E596693C93958 ft=1 fh=c0ad0c1f84a2c8e6 vn="a variant of Win32/InstallCore.WI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Felicia\Documents\FreeFileViewerDMSetup.exe.xBAD"
    sh=2C64472CE377FB6C7E015F0844853BD896EAC2BA ft=1 fh=57a2d92182ab7f7c vn="a variant of Win32/FileTypeAssistant.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Felicia\Downloads\FreeFileViewerSetup.exe.xBAD"
    sh=1968E788F81CA6AACEA8C6F5E82BCBC85E2A7751 ft=1 fh=f141cbf262222e8c vn="a variant of Win32/SoftPulse.X potentially unwanted application" ac=I fn="C:\Users\Felicia\AppData\Local\Temp\0DQvZcRb.exe.part"
    sh=48FC850AD4755F5AA61BCEE5A51AD1D93ABC6D11 ft=1 fh=551945b511a984d1 vn="a variant of Win32/SoftPulse.X potentially unwanted application" ac=I fn="C:\Users\Felicia\AppData\Local\Temp\DPrujauZ.exe.part"
    sh=861BB8B71D9B991D1528E0ACEC1755E022384438 ft=1 fh=0eeaba6dba310044 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Users\Felicia\Downloads\essetup.exe"
     
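The ESET Online Scanner log in the post above can be triaged programmatically. This is an added example, not part of the thread and not ESET's or FRST's code: it parses the `key=value` lines and separates detections that already sit under FRST's quarantine folder from files still live on disk. The sample input is constructed from three of the log's lines with placeholder hashes, and reading `vn` as the detection name and `fn` as the file path is an assumption based on the values shown.

```python
import re

# Constructed sample in the format of the log above; the sh/fh hashes are
# placeholders, the detection names and paths are taken from the post.
SAMPLE_LOG = r'''# found=3
# cleaned=0
# remove_checked=false
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/BrowseFox.AD potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.bak"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win32/SoftPulse.X potentially unwanted application" ac=I fn="C:\Users\Felicia\AppData\Local\Temp\0DQvZcRb.exe.part"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Users\Felicia\Downloads\essetup.exe"
'''

# A value is either a double-quoted string (may contain spaces) or a bare token.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from a pasted log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value.strip("\"'")
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in PAIR.findall(line)})
    return header, detections


def family(vn):
    """Reduce the detection name to its family, e.g. 'Win32/SoftPulse.X'."""
    vn = re.sub(r"^a variant of ", "", vn)
    return re.sub(r" potentially (unwanted|unsafe) application$", "", vn)


def triage(detections, quarantine_roots=(r"C:\FRST\Quarantine",)):
    """Split detections into files held in a quarantine folder and live files."""
    buckets = {"quarantined": [], "live": []}
    for d in detections:
        path = d.get("fn", "").lower()  # Windows paths are case-insensitive
        held = any(path.startswith(root.lower().rstrip("\\") + "\\")
                   for root in quarantine_roots)
        buckets["quarantined" if held else "live"].append(d)
    return buckets


def report(text):
    header, detections = parse_eset_log(text)
    buckets = triage(detections)
    return {
        # A mismatch means the pasted log was truncated or mangled.
        "complete": int(header.get("found", -1)) == len(detections),
        "cleaned": int(header.get("cleaned", 0)),
        "quarantined": len(buckets["quarantined"]),
        "live": [(family(d["vn"]), d["fn"]) for d in buckets["live"]],
    }


if __name__ == "__main__":
    result = report(SAMPLE_LOG)
    print("log complete:", result["complete"], "| cleaned:", result["cleaned"])
    print("already in quarantine:", result["quarantined"])
    for name, path in result["live"]:
        print("still on disk:", name, "->", path)
```

Run against the full log from the post, the same split shows which of the 11 detections are only copies FRST had already moved aside and which files remain outside quarantine.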
  12. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello, Zello.

    As the infection seems to target Firefox only, we'll reset it. Please tell me if that gets rid of the problem.

    Step #1
    Resetting Firefox

    1. Click the menu button [​IMG], click help [​IMG] and select Troubleshooting Information.
    2. The Troubleshooting Information tab will open. At the right side of it, select Refresh Firefox. Click it once more when a small window appears.
    3. Firefox will close itself and will revert to its default settings. When it's done, a window will list the information that was imported. Click Finish.



    Step #2
    FRST Scan

    1. Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
    2. Make sure that Addition.txt is checked and press the Scan button.
    3. It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
    4. Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.



    Step #3
    ZOEK scan

    1. Disable your Antivirus and antimalware programs (click here if you don't know how to do this)
    2. Download zoek.exe from here.
    3. Double click zoek.exe to start the program.
    4. Copy and paste the following script in the code box:
      Code:
      standardsearch;
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    5. Close any open browsers.
    6. Click the "Run script" button and wait patiently.
    7. When finished the logfile will be opened in notepad. If a reboot is needed the logfile will be opened after reboot.
    8. The zoek-results.log can also be found on your systemdrive (C:\ by default). Please post the logfile in your next comment.



    Things that should appear in your next post:

    • Please tell me if resetting Firefox has got rid of the problem
    • FRST.txt log content
    • Addition.txt log content
    • Zoek-results log content
     
  13. Zello

    Zello Thread Starter

    Joined:
    Mar 22, 2012
    Messages:
    79
    Nevan,

    Will do, but does this mean that I need to export my bookmarks (I don't want to lose them)?
     
  14. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    According to Mozilla:
    So that means that they will stay as they are.
    Which doesn't mean that you can't copy them just in case they get deleted :)
     
  15. Zello

    Zello Thread Starter

    Joined:
    Mar 22, 2012
    Messages:
    79
    Nevan,

    Thanks. Will make a copy just in case and proceed with the steps outlined above!
     
Short URL to this thread: https://techguy.org/1142573
