2013-05-24 03:03 -------- d-----w- c:\program files (x86)\QuickTime HKCU\\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-06] (Valve Corporation) AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} (PC Tools) C:\Program Files (x86)\PC Tools Security\pctsGui.exe ), () [File not signed] C:\Comp\Hard\Interceptor DS100\MMon2.exe, (ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe, (C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe, (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe, (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <23>, (explorer.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe, (explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe, (explorer.exe ->) (Mark of the Unicorn, Inc -> MOTU) C:\Program Files (x86)\MOTU\CoreUAC\MOTUMSeries.exe, (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe, (explorer.exe ->) (RaMMicHaeL) [File not signed] C:\Comp\Soft\TaskBar\7+ Taskbar Tweaker.exe, (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe, (Oracle America, Inc. 
-> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, (Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe, (services.exe ->) (ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe, (services.exe ->) (Eastern Times Technology Co.,Ltd -> ) C:\Comp\Hard\Interceptor DS100\ETGMSrv.exe, (services.exe ->) (Gab AI Inc. -> ) C:\Comp\Soft\Browser\Dissenter\DissenterUpgrader.exe, (services.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe, (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe, (services.exe ->) (Mark of the Unicorn, Inc -> ) C:\Program Files (x86)\MOTU\CoreUAC\Service\MOTUCoreUACAudioPolicyMediator.exe, (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe, (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>, ==================== Registry (Whitelisted) ===================, (If an entry is included in the fixlist, the registry item will be restored to default or removed. 2013-06-06 20:11 - 2013-06-06 20:12 - 00000000 ____D C:\Program Files\iTunes My computer must be infected with something - in the past 2 months or so, when we open a web page in Firefox, often another page opens behind it, usually for some sort of advertising for insurance, etc. 2013-04-10 04:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll FirewallRules [{4FD317C5-15A8-4C2A-8DAA-82B9D3CD5509}] = (Allow) ESteamsteamappscommonVillagersAndHeroesAMysticalLandSACVillagersAndHeroes.exe = No File => Error: No automatic fix found for this entry. 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) mPolicies-System: ConsentPromptBehaviorUser = dword:3 2013-05-24 03:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll This cookie is set by GDPR Cookie Consent plugin. 2013-04-10 04:07 136192 ----a-w- c:\windows\system32\iepeers.dll Click on Activate. mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe Verify all installed Firefox add-ons. A significant portion is attributed to browser-based push notifications, and while there are a couple of simple steps users can take to prevent and remediate the situation, there is also some confusion about how these should be handled. Junkware Removal Tool (JRT) by Thisisu 2013-05-15 14:26 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll Choose "Restore settings to their original defaults" 6. Now, under the Security tab, you need to uncheck the Always prompt for login credentials box and then confirm your changes. 2013-04-10 04:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe If you can effectively clean installed apps (NOT malware) yourself, try this best uninstall tool@. 2013-05-15 22:14 - 2011-04-10 12:50 - 00000000 ____D C:\ProgramData\Microsoft Help Introducing the new Microsoft Edge. ==================== NetSvcs (Whitelisted) =================== C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe Microsoft Edge Pop Up won't go away. x64-Run: [USBestCR] C:\Program Files (x86)\cardicon\iconcs50611310.exe RunFromReg In Internet Explorer, click the menu button and select "Add-ons". C:\Program Files (x86)\Steam\Steam.exe 2013-04-10 04:07 . FirewallRules [{58C4C2A8-E133-4771-B61C-5FE255583174}] = (Allow) CProgram FilesNVIDIA CorporationNvContainernvcontainer.exe = No File => Error: No automatic fix found for this entry. 
This one isn't my default browser but is the only one that gets this popup - but it is chromium like most of the browsers I use, not sure if they all would share the same core files or not 2013-06-12 20:30 - 2012-04-03 16:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job The following corrective action will be taken in 5000 milliseconds: Restart the service. x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2013-06-07 13:41 - 2013-06-07 13:37 - 112348999 ____A C:\Users\Family\Downloads\Prison Architect [Alpha 10] by DarkpwnSs From MinecraftL4BEL (2).rar FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= 2013-05-15 22:08 - 2013-04-04 23:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Remove Windows Defender pop-up from Chrome 1. Also, Microsoft Edge can stop pop-up dialog loops used by these attackers. 2013-05-13 22:36 . 2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys FirewallRules [{8AC08A53-BA22-4C4E-8654-DF5192597A1E}] = (Allow) EOnlineWarFrameDownloadedPublicToolsRemoteCrashSender.exe = No File => Error: No automatic fix found for this entry. 2013-06-07 13:51 - 2013-06-12 09:49 - 00000000 ____D C:\Program Files (x86)\Steam 2013-04-10 04:07 . IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 2013-06-11 05:45 . EndRegedit => Error: No automatic fix found for this entry. HKLM\\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor) Some websites redirect users through ad networks to generate revenue. 2013-05-13 22:36 . then select Settings > Update & Security > Windows Update . Your FRST.TXT log shows that it's running from this folder. 
2013-05-15 07:26 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll Mechanics, spider91), Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden, Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation), TeamSpeak 3 Client (HKLM\\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH), Telegram Desktop version 2.6.1 (HKU\S-1-5-21-1882429420-2417423797-510263899-1000\\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.6.1 - Telegram FZ-LLC), The Elder Scrolls Online (HKLM-x32\\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios), TibEd 1.7 (HKLM-x32\\TibEdNSIS) (Version: 1.7 - Van de Sande Productions), TLauncher (HKLM-x32\\TLauncher) (Version: 2.841 - TLauncher Inc.), Update for (KB2504637) (HKLM-x32\\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation), vcpp_crt.redist.clickonce (HKLM-x32\\{C93A88C2-6DE4-4035-AAC8-341435549BBB}) (Version: 14.29.30133 - Microsoft Corporation) Hidden, VdhCoApp 1.6.1 (HKLM\\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper), Visual Studio Community 2019 (HKLM-x32\\499f1cc1) (Version: 16.11.3 - Microsoft Corporation), VLC media player (HKLM\\VLC media player) (Version: 3.0.12 - VideoLAN), VS Script Debugging Common (HKLM\\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden, vs_communitymsi (HKLM-x32\\{CE912A42-1D6A-4F54-A263-F54E7D3F8E09}) (Version: 16.11.31613 - Microsoft Corporation) Hidden, vs_communitymsires (HKLM-x32\\{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 - Microsoft Corporation) Hidden, vs_devenvmsi (HKLM-x32\\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden, vs_filehandler_amd64 
(HKLM-x32\\{102E83BD-B6A0-4C74-AD22-7D594A3435D3}) (Version: 16.11.31503 - Microsoft Corporation) Hidden, vs_filehandler_x86 (HKLM-x32\\{6CBDE7BE-E956-4E0E-81FB-2CB79190C924}) (Version: 16.11.31503 - Microsoft Corporation) Hidden, vs_FileTracker_Singleton (HKLM-x32\\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden, vs_minshellinteropmsi (HKLM-x32\\{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 - Microsoft Corporation) Hidden, vs_minshellmsi (HKLM-x32\\{53D1C36A-E35A-45B3-801B-F49BDD425293}) (Version: 16.11.31503 - Microsoft Corporation) Hidden, vs_minshellmsires (HKLM-x32\\{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 - Microsoft Corporation) Hidden, vs_tipsmsi (HKLM-x32\\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden, Warframe (HKLM-x32\\{CCCC4D8B-DF26-4B87-9C95-CD79DE921556}) (Version: 1.0.0 - Digital Extremes), Windows SDK AddOn (HKLM-x32\\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation), WinRAR 5.21 beta 2 (64-bit) (HKLM\\WinRAR archiver) (Version: 5.21.2 - win.rar GmbH), ==================== Custom CLSID (Whitelisted): ==============, CustomCLSID: HKU\S-1-5-21-1882429420-2417423797-510263899-1000_Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\localserver32 -> C:\Users\Teisei\AppData\Local\GabAI\Dissenter\Application\80.1.5.114\notification_helper.exe (Gab AI Inc. -> Gab AI Inc), ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Comp\Soft\Notepad++\NppShell_06.dll [2018-03-18] (Notepad++ -> ), ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2018-05-07] (CyberLink Corp. 
-> Cyberlink), ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Comp\Soft\Zips\WinRAR\rarext.dll [2015-01-31] (win.rar GmbH -> Alexander Roshal), ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Comp\Soft\Zips\WinRAR\rarext32.dll [2015-01-31] (win.rar GmbH -> Alexander Roshal), ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2018-05-07] (CyberLink Corp. -> Cyberlink), ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2022-01-17] (Nvidia Corporation -> NVIDIA Corporation), ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Comp\Soft\Zips\WinRAR\rarext.dll [2015-01-31] (win.rar GmbH -> Alexander Roshal), ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Comp\Soft\Zips\WinRAR\rarext32.dll [2015-01-31] (win.rar GmbH -> Alexander Roshal), ==================== Codecs (Whitelisted) ====================, HKLM\\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) 
[File not signed], HKLM\\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed], HKLM\\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed], HKLM\\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed], HKLM\\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed], HKLM\\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed], HKLM\\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed], HKLM\\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed], HKLM\\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed], HKLM\\Drivers32: [vidc.xvid] => C:\Windows\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed], HKLM\\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) 
[File not signed], HKLM\\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed], HKLM\\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed], HKLM\\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed], HKLM\\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] () [File not signed], ==================== Shortcuts & WMI ========================, ==================== Loaded Modules (Whitelisted) =============, 2017-11-10 04:03 - 2011-01-27 01:53 - 000028160 _____ () [File not signed] C:\Comp\Hard\Interceptor DS100\uiHook.dll, 2021-06-10 05:28 - 2021-06-10 05:28 - 000307200 _____ (RaMMicHaeL) [File not signed] C:\Comp\Soft\TaskBar\inject.dll, 2018-04-06 11:29 - 2018-04-06 11:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll, 2018-04-06 11:29 - 2018-04-06 11:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\ssleay32.dll, ==================== Alternate Data Streams (Whitelisted) ========, (If an entry is included in the fixlist, only the ADS will be removed. C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE Select each "Bitdefender Wallet" entry under Toolbars and Extensions and click the "Disable" button at the bottom of the window to disable them. 2013-04-10 04:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-04-10 04:07 441856 ----a-w- c:\windows\system32\html.iec Name the . "CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096] C:\Windows\system32\lsm.exe Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . 
HKLM-x32\\Run: [USBestCR] C:\Program Files (x86)\cardicon\iconcs50611310.exe RunFromReg [7373824 2011-04-21] () BHO: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll 2013-04-10 04:07 . FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) I have tried un installing AV program and re starting Defender but I still get windows defender error message. "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] uInternet Settings,ProxyOverride = *.local # lang=1033 I don't care if it's got my back. Pop Up Windows Won't Go Away - Avast Task {6C7FA480-683E-48BC-B839-A29B49D8981B} - System32TasksBlueStacksHelper_nxt = CProgram FilesBlueStacks_nxtBlueStacksHelper.exe -sr (No File) => Error: No automatic fix found for this entry. FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll uSearch Page = hxxp://www.google.com Sharing best practices for building any app with .NET. . 2013-04-10 04:07 102912 ----a-w- c:\windows\system32\inseng.dll R0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools) The user didn't put in their credentials. R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-6-10 1817560] Comment Items from the FRST.TXT log that will be removed from the Registry. R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-11-20 21992] 2013-04-10 04:07 . ======== Registry ====> The operation completed successfully. C:\Windows\system32\taskeng.exe How to Remove Windows Defender Security Warning Scam from PC? - MiniTool . Malwarebytes is free to check your computer for adware. Click on Microsoft OneDrive to expand its entry, and display the options that are supported. 2013-04-10 04:07 . 
Internet Explorer 10.0.9200.16576 2013-05-15 14:27 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-16 08:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache C:\Windows\system32\nvvsvc.exe FF - prefs.js: browser.search.selectedEngine - Google 2013-05-15 22:08 - 2013-04-04 23:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-10 04:07 . FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32 @qq.comnpqscall - CProgram Files (x86)Common FilesTencentNPQSCALLnpqscall.dll [No File] => Error: No automatic fix found for this entry. I checked the windows defender service and it wont turn on at all. C:\Users\Family\Downloads\FlashPlayer_V.135870509b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully. @Mrudula021217I had a similar issue that has been a problem for a while. Turn On or Off Windows Defender Enhanced Notifications in Windows 10 FirewallRules [UDP Query User{BCCB0FE3-1B51-40CE-B173-A3D7BFA0A41B}Ccompsoftqqbinqq.exe] = (Allow) Ccompsoftqqbinqq.exe = No File => Error: No automatic fix found for this entry. C:\Windows\system32\Dwm.exe (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. 2013-04-04 21:50 . By clicking Accept All, you consent to the use of ALL the cookies. 2012-04-03 23:59 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe Congratulations.Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.The following will implement some cleanup procedures as well as reset System Restore points: Winsock: Catalog9-x64 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.) 
Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools. FirewallRules [{B842CA52-0AA2-411C-B905-EC3DEAB4CFC4}] = (Allow) EOnlineWarFrameDownloadedPublicWarframe.x64.exe = No File => Error: No automatic fix found for this entry. Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022, Yah, I moved the program in to that folder, but I think I somehow got it to run with the file named "fixlog" or didn't save the code in the txt file. FF - ExtSQL: 2013-06-10 22:37; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 2013-04-10 04:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe (Not many people would be using or even have multiple browsers installed so maybe they wouldn't be using the same core files?). Deleted ! 2013-05-24 03:03:07 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll 2013-05-24 03:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll FirewallRules [{4A927AA6-72B9-4FC0-84C3-152CB62DCBD7}] = (Allow) EOnlineWarFrameDownloadedPublicWarframe.exe = No File => Error: No automatic fix found for this entry. HKCU\\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation) Emptied folder: C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\tvn6xr5d.Mark\minidumps [282 files] 2013-04-02 14:09 . The website with the message Windows Defender is most likely shown by adware applications. It works only in coordination with the primary cookie. "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] Boot Mode: Normal "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open. C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe I have avast, malware bytes and spybot. Successfully deleted the following from C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\ufwer1tt.default\prefs.js The file which is running by the task will not be moved. Once completed, review the Windows Defender adware detections. 2013-04-10 04:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll ============= SERVICES / DRIVERS =============== 2013-04-10 04:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll C:\Program Files\iPod\bin\iPodService.exe 2013-05-15 22:08 - 2013-04-04 22:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll Winsock: Catalog9-x64 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll 2013-05-15 22:08 - 2013-04-04 23:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-07 20:59 -------- d-----w- c:\program files (x86)\Common Files\Steam R3 pctplfw;pctplfw;C:\Windows\System32\drivers\pctplfw64.sys [2011-7-24 181032] Information such as email accounts, Facebook credentials, banking passwords, pictures and documents have also been compromised. The Work Profile pop up appears every few minutes. FirewallRules [{2F5E1918-D3CF-46D9-A373-539BB14E2800}] = (Allow) ESteamsteamappscommonUnturnedUnturned_BE.exe = No File => Error: No automatic fix found for this entry. 
Youll be presented with the malware removal results, click Next to continue. S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe;c:\windows\SYSNATIVE\afasrv64.exe [x] If you notice an installed extension you do not know or do not trust, click the Remove button to uninstall the extension from Microsoft Edge. S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] Successfully deleted the following from C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\klypnjdj.Jenna\prefs.js IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 FirewallRules [{F6BE45B8-3481-4847-B008-928CD127B0CF}] = (Allow) CCompSoftEmuBlueStacks XBlueStacksWeb.exe = No File => Error: No automatic fix found for this entry. . DisableScanOnRealtimeEnable=- => Error: No automatic fix found for this entry. Description: The tbaseprovisioning service terminated unexpectedly. C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe 2013-06-06 20:12 - 2013-06-06 20:11 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-04-10 04:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-05-15 07:26 - 2013-02-26 22:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job R0 TFSysMon;TFSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2012-9-18 706776]
