2013-05-24 03:03 -------- d-----w- c:\program files (x86)\QuickTime HKCU\\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-06] (Valve Corporation) AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} (PC Tools) C:\Program Files (x86)\PC Tools Security\pctsGui.exe ), () [File not signed] C:\Comp\Hard\Interceptor DS100\MMon2.exe, (ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe, (C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe, (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe, (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <23>, (explorer.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe, (explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe, (explorer.exe ->) (Mark of the Unicorn, Inc -> MOTU) C:\Program Files (x86)\MOTU\CoreUAC\MOTUMSeries.exe, (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe, (explorer.exe ->) (RaMMicHaeL) [File not signed] C:\Comp\Soft\TaskBar\7+ Taskbar Tweaker.exe, (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe, (Oracle America, Inc. 
-> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, (Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe, (services.exe ->) (ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe, (services.exe ->) (Eastern Times Technology Co.,Ltd -> ) C:\Comp\Hard\Interceptor DS100\ETGMSrv.exe, (services.exe ->) (Gab AI Inc. -> ) C:\Comp\Soft\Browser\Dissenter\DissenterUpgrader.exe, (services.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe, (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe, (services.exe ->) (Mark of the Unicorn, Inc -> ) C:\Program Files (x86)\MOTU\CoreUAC\Service\MOTUCoreUACAudioPolicyMediator.exe, (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe, (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>, ==================== Registry (Whitelisted) ===================, (If an entry is included in the fixlist, the registry item will be restored to default or removed. 2013-06-06 20:11 - 2013-06-06 20:12 - 00000000 ____D C:\Program Files\iTunes My computer must be infected with something - in the past 2 months or so, when we open a web page in Firefox, often another page opens behind it, usually for some sort of advertising for insurance, etc. 2013-04-10 04:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll FirewallRules [{4FD317C5-15A8-4C2A-8DAA-82B9D3CD5509}] = (Allow) ESteamsteamappscommonVillagersAndHeroesAMysticalLandSACVillagersAndHeroes.exe = No File => Error: No automatic fix found for this entry. 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) mPolicies-System: ConsentPromptBehaviorUser = dword:3 2013-05-24 03:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll This cookie is set by GDPR Cookie Consent plugin. 2013-04-10 04:07 136192 ----a-w- c:\windows\system32\iepeers.dll Click on Activate. mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe Verify all installed Firefox add-ons. A significant portion is attributed to browser-based push notifications, and while there are a couple of simple steps users can take to prevent and remediate the situation, there is also some confusion about how these should be handled. Junkware Removal Tool (JRT) by Thisisu 2013-05-15 14:26 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll Choose "Restore settings to their original defaults" 6. Now, under the Security tab, you need to uncheck the Always prompt for login credentials box and then confirm your changes. 2013-04-10 04:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe If you can effectively clean installed apps (NOT malware) yourself, try this best uninstall tool@. 2013-05-15 22:14 - 2011-04-10 12:50 - 00000000 ____D C:\ProgramData\Microsoft Help Introducing the new Microsoft Edge. ==================== NetSvcs (Whitelisted) =================== C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe Microsoft Edge Pop Up won't go away. x64-Run: [USBestCR] C:\Program Files (x86)\cardicon\iconcs50611310.exe RunFromReg In Internet Explorer, click the menu button and select "Add-ons". C:\Program Files (x86)\Steam\Steam.exe 2013-04-10 04:07 . FirewallRules [{58C4C2A8-E133-4771-B61C-5FE255583174}] = (Allow) CProgram FilesNVIDIA CorporationNvContainernvcontainer.exe = No File => Error: No automatic fix found for this entry. 
This one isn't my default browser but is the only one that gets this popup - but it is chromium like most of the browsers I use, not sure if they all would share the same core files or not 2013-06-12 20:30 - 2012-04-03 16:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job The following corrective action will be taken in 5000 milliseconds: Restart the service. x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2013-06-07 13:41 - 2013-06-07 13:37 - 112348999 ____A C:\Users\Family\Downloads\Prison Architect [Alpha 10] by DarkpwnSs From MinecraftL4BEL (2).rar FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= 2013-05-15 22:08 - 2013-04-04 23:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Remove Windows Defender pop-up from Chrome 1. Also, Microsoft Edge can stop pop-up dialog loops used by these attackers. 2013-05-13 22:36 . 2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys FirewallRules [{8AC08A53-BA22-4C4E-8654-DF5192597A1E}] = (Allow) EOnlineWarFrameDownloadedPublicToolsRemoteCrashSender.exe = No File => Error: No automatic fix found for this entry. 2013-06-07 13:51 - 2013-06-12 09:49 - 00000000 ____D C:\Program Files (x86)\Steam 2013-04-10 04:07 . IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 2013-06-11 05:45 . EndRegedit => Error: No automatic fix found for this entry. HKLM\\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor) Some websites redirect users through ad networks to generate revenue. 2013-05-13 22:36 . then select Settings > Update & Security > Windows Update . Your FRST.TXT log shows that it's running from this folder. 
2013-05-15 07:26 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll Mechanics, spider91), Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden, Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation), TeamSpeak 3 Client (HKLM\\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH), Telegram Desktop version 2.6.1 (HKU\S-1-5-21-1882429420-2417423797-510263899-1000\\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.6.1 - Telegram FZ-LLC), The Elder Scrolls Online (HKLM-x32\\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios), TibEd 1.7 (HKLM-x32\\TibEdNSIS) (Version: 1.7 - Van de Sande Productions), TLauncher (HKLM-x32\\TLauncher) (Version: 2.841 - TLauncher Inc.), Update for (KB2504637) (HKLM-x32\\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation), vcpp_crt.redist.clickonce (HKLM-x32\\{C93A88C2-6DE4-4035-AAC8-341435549BBB}) (Version: 14.29.30133 - Microsoft Corporation) Hidden, VdhCoApp 1.6.1 (HKLM\\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper), Visual Studio Community 2019 (HKLM-x32\\499f1cc1) (Version: 16.11.3 - Microsoft Corporation), VLC media player (HKLM\\VLC media player) (Version: 3.0.12 - VideoLAN), VS Script Debugging Common (HKLM\\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden, vs_communitymsi (HKLM-x32\\{CE912A42-1D6A-4F54-A263-F54E7D3F8E09}) (Version: 16.11.31613 - Microsoft Corporation) Hidden, vs_communitymsires (HKLM-x32\\{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 - Microsoft Corporation) Hidden, vs_devenvmsi (HKLM-x32\\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden, vs_filehandler_amd64 
(HKLM-x32\\{102E83BD-B6A0-4C74-AD22-7D594A3435D3}) (Version: 16.11.31503 - Microsoft Corporation) Hidden, vs_filehandler_x86 (HKLM-x32\\{6CBDE7BE-E956-4E0E-81FB-2CB79190C924}) (Version: 16.11.31503 - Microsoft Corporation) Hidden, vs_FileTracker_Singleton (HKLM-x32\\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden, vs_minshellinteropmsi (HKLM-x32\\{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 - Microsoft Corporation) Hidden, vs_minshellmsi (HKLM-x32\\{53D1C36A-E35A-45B3-801B-F49BDD425293}) (Version: 16.11.31503 - Microsoft Corporation) Hidden, vs_minshellmsires (HKLM-x32\\{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 - Microsoft Corporation) Hidden, vs_tipsmsi (HKLM-x32\\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden, Warframe (HKLM-x32\\{CCCC4D8B-DF26-4B87-9C95-CD79DE921556}) (Version: 1.0.0 - Digital Extremes), Windows SDK AddOn (HKLM-x32\\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation), WinRAR 5.21 beta 2 (64-bit) (HKLM\\WinRAR archiver) (Version: 5.21.2 - win.rar GmbH), ==================== Custom CLSID (Whitelisted): ==============, CustomCLSID: HKU\S-1-5-21-1882429420-2417423797-510263899-1000_Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\localserver32 -> C:\Users\Teisei\AppData\Local\GabAI\Dissenter\Application\80.1.5.114\notification_helper.exe (Gab AI Inc. -> Gab AI Inc), ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Comp\Soft\Notepad++\NppShell_06.dll [2018-03-18] (Notepad++ -> ), ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2018-05-07] (CyberLink Corp. 
-> Cyberlink), ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Comp\Soft\Zips\WinRAR\rarext.dll [2015-01-31] (win.rar GmbH -> Alexander Roshal), ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Comp\Soft\Zips\WinRAR\rarext32.dll [2015-01-31] (win.rar GmbH -> Alexander Roshal), ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2018-05-07] (CyberLink Corp. -> Cyberlink), ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2022-01-17] (Nvidia Corporation -> NVIDIA Corporation), ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Comp\Soft\Zips\WinRAR\rarext.dll [2015-01-31] (win.rar GmbH -> Alexander Roshal), ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Comp\Soft\Zips\WinRAR\rarext32.dll [2015-01-31] (win.rar GmbH -> Alexander Roshal), ==================== Codecs (Whitelisted) ====================, HKLM\\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) 
[File not signed], HKLM\\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed], HKLM\\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed], HKLM\\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed], HKLM\\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed], HKLM\\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed], HKLM\\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed], HKLM\\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed], HKLM\\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed], HKLM\\Drivers32: [vidc.xvid] => C:\Windows\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed], HKLM\\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) 
[File not signed], HKLM\\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed], HKLM\\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed], HKLM\\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed], HKLM\\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] () [File not signed], ==================== Shortcuts & WMI ========================, ==================== Loaded Modules (Whitelisted) =============, 2017-11-10 04:03 - 2011-01-27 01:53 - 000028160 _____ () [File not signed] C:\Comp\Hard\Interceptor DS100\uiHook.dll, 2021-06-10 05:28 - 2021-06-10 05:28 - 000307200 _____ (RaMMicHaeL) [File not signed] C:\Comp\Soft\TaskBar\inject.dll, 2018-04-06 11:29 - 2018-04-06 11:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll, 2018-04-06 11:29 - 2018-04-06 11:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\ssleay32.dll, ==================== Alternate Data Streams (Whitelisted) ========, (If an entry is included in the fixlist, only the ADS will be removed. C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE Select each "Bitdefender Wallet" entry under Toolbars and Extensions and click the "Disable" button at the bottom of the window to disable them. 2013-04-10 04:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-04-10 04:07 441856 ----a-w- c:\windows\system32\html.iec Name the . "CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096] C:\Windows\system32\lsm.exe Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . 
HKLM-x32\\Run: [USBestCR] C:\Program Files (x86)\cardicon\iconcs50611310.exe RunFromReg [7373824 2011-04-21] () BHO: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll 2013-04-10 04:07 . FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) I have tried un installing AV program and re starting Defender but I still get windows defender error message. "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] uInternet Settings,ProxyOverride = *.local # lang=1033 I don't care if it's got my back. Task {6C7FA480-683E-48BC-B839-A29B49D8981B} - System32TasksBlueStacksHelper_nxt = CProgram FilesBlueStacks_nxtBlueStacksHelper.exe -sr (No File) => Error: No automatic fix found for this entry. FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll uSearch Page = hxxp://www.google.com Sharing best practices for building any app with .NET. . 2013-04-10 04:07 102912 ----a-w- c:\windows\system32\inseng.dll R0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools) The user didn't put in their credentials. R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-6-10 1817560] Comment Items from the FRST.TXT log that will be removed from the Registry. R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-11-20 21992] 2013-04-10 04:07 . ======== Registry ====> The operation completed successfully. C:\Windows\system32\taskeng.exe . Malwarebytes is free to check your computer for adware. Click on Microsoft OneDrive to expand its entry, and display the options that are supported. 2013-04-10 04:07 . 
Internet Explorer 10.0.9200.16576 2013-05-15 14:27 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-16 08:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache C:\Windows\system32\nvvsvc.exe FF - prefs.js: browser.search.selectedEngine - Google 2013-05-15 22:08 - 2013-04-04 23:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-10 04:07 . FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32 @qq.comnpqscall - CProgram Files (x86)Common FilesTencentNPQSCALLnpqscall.dll [No File] => Error: No automatic fix found for this entry. I checked the windows defender service and it wont turn on at all. C:\Users\Family\Downloads\FlashPlayer_V.135870509b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully. @Mrudula021217I had a similar issue that has been a problem for a while. FirewallRules [UDP Query User{BCCB0FE3-1B51-40CE-B173-A3D7BFA0A41B}Ccompsoftqqbinqq.exe] = (Allow) Ccompsoftqqbinqq.exe = No File => Error: No automatic fix found for this entry. C:\Windows\system32\Dwm.exe (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. 2013-04-04 21:50 . By clicking Accept All, you consent to the use of ALL the cookies. 2012-04-03 23:59 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe Congratulations.Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.The following will implement some cleanup procedures as well as reset System Restore points: Winsock: Catalog9-x64 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.) 
Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools. FirewallRules [{B842CA52-0AA2-411C-B905-EC3DEAB4CFC4}] = (Allow) EOnlineWarFrameDownloadedPublicWarframe.x64.exe = No File => Error: No automatic fix found for this entry. Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022, Yah, I moved the program in to that folder, but I think I somehow got it to run with the file named "fixlog" or didn't save the code in the txt file. FF - ExtSQL: 2013-06-10 22:37; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 2013-04-10 04:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe (Not many people would be using or even have multiple browsers installed so maybe they wouldn't be using the same core files?). Deleted ! 2013-05-24 03:03:07 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll 2013-05-24 03:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll FirewallRules [{4A927AA6-72B9-4FC0-84C3-152CB62DCBD7}] = (Allow) EOnlineWarFrameDownloadedPublicWarframe.exe = No File => Error: No automatic fix found for this entry. HKCU\\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation) Emptied folder: C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\tvn6xr5d.Mark\minidumps [282 files] 2013-04-02 14:09 . The website with the message Windows Defender is most likely shown by adware applications. It works only in coordination with the primary cookie. "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] Boot Mode: Normal "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open. C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe I have avast, malware bytes and spybot. Successfully deleted the following from C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\ufwer1tt.default\prefs.js The file which is running by the task will not be moved. Once completed, review the Windows Defender adware detections. 2013-04-10 04:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll ============= SERVICES / DRIVERS =============== 2013-04-10 04:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll C:\Program Files\iPod\bin\iPodService.exe 2013-05-15 22:08 - 2013-04-04 22:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll Winsock: Catalog9-x64 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll 2013-05-15 22:08 - 2013-04-04 23:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-07 20:59 -------- d-----w- c:\program files (x86)\Common Files\Steam R3 pctplfw;pctplfw;C:\Windows\System32\drivers\pctplfw64.sys [2011-7-24 181032] Information such as email accounts, Facebook credentials, banking passwords, pictures and documents have also been compromised. The Work Profile pop up appears every few minutes. FirewallRules [{2F5E1918-D3CF-46D9-A373-539BB14E2800}] = (Allow) ESteamsteamappscommonUnturnedUnturned_BE.exe = No File => Error: No automatic fix found for this entry. 
Youll be presented with the malware removal results, click Next to continue. S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe;c:\windows\SYSNATIVE\afasrv64.exe [x] If you notice an installed extension you do not know or do not trust, click the Remove button to uninstall the extension from Microsoft Edge. S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] Successfully deleted the following from C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\klypnjdj.Jenna\prefs.js IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 FirewallRules [{F6BE45B8-3481-4847-B008-928CD127B0CF}] = (Allow) CCompSoftEmuBlueStacks XBlueStacksWeb.exe = No File => Error: No automatic fix found for this entry. . DisableScanOnRealtimeEnable=- => Error: No automatic fix found for this entry. Description: The tbaseprovisioning service terminated unexpectedly. C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe 2013-06-06 20:12 - 2013-06-06 20:11 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-04-10 04:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-05-15 07:26 - 2013-02-26 22:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job R0 TFSysMon;TFSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2012-9-18 706776] . 2013-06-18 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp FirewallRules [{2DB67D5A-4087-4F11-ACC0-7633F3384B80}] = (Allow) ESteamsteamappscommonRaiders of the Broken PlanetbinRaiders.exe = No File => Error: No automatic fix found for this entry. 2013-05-17 15:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll , under the Security tab, you need to uncheck the Always prompt for login credentials and! 
