Recent Posts

Pages: 1 2 [3] 4 5 ... 10
21
Analysis and Malware Removal / Re: A computer is ready for LzD therapy!
« Last post by Corrine on May 03, 2016, 08:49:52 PM »
No problem, Panos.
22
Analysis and Malware Removal / Re: A computer is ready for LzD therapy!
« Last post by DR M on May 03, 2016, 07:52:25 PM »
Corrine,

Internet explorer failed to open Eset online scanner, so I tried with PM, following your instructions for other browsers.

I will leave it working, and post back in the morning (it's 23:51 right now :)  ).

Thank you, and have a nice day.  :)
23
Analysis and Malware Removal / Re: A computer is ready for LzD therapy!
« Last post by Corrine on May 03, 2016, 07:37:21 PM »
You may need to go to the Toshiba website and see if you can get replacement/updated drivers for the keyboard.

Considering McShield's findings, please follow the instructions below to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
    • Hold down Control and click on this link to open ESET OnlineScan in a new window so you can refer to these instructions.
    • Click the green ESET Online Scanner box.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the Eset Smart Installer icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
24
Analysis and Malware Removal / Re: A computer is ready for LzD therapy!
« Last post by DR M on May 03, 2016, 07:23:10 PM »
Hi, Corrine.

I haven't got another keyboard to try it. It's very difficult for me to do a single movement on that computer. I can't enter numbers (so I can't enter the forum with my password), some letters are being produced as caps locks when the caps lock button is off and vice-verse, I can't select a file because everything is being selected... Also, Pale moon starts in safe mode every time, and every time I click on a link in Pale moon, it opens in a different window instead of tab. And the most important for me: I'm trying to transfer files with my memory stick, and just now, MCShield found a malware file and deleted it.

Here is the log from the FRST fix:

Fix result of Farbar Recovery Scan Tool (x86) Version:03-05-2016
Ran by EleniAn (2016-05-03 22:59:28) Run:1
Running from C:\Users\EleniAn\Desktop
Loaded Profiles: EleniAn (Available Profiles: EleniAn)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\...\MountPoints2: {0ddbb88e-548d-11e0-a6f1-0015b76389e7} - I:\Startme.exe
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\...\MountPoints2: {191bfcd0-53f9-11e1-942c-001b77226924} - G:\Setup.exe -auto
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\...\MountPoints2: {29ecbf58-ae3c-11e5-9499-0015b76389e7} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\...\MountPoints2: {a8c26a2a-9e50-11df-a876-0015b76389e7} - D:\LaunchU3.exe -a
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.search.ask.com/?tpid=SGT&o=APN10374&pf=V5&trgb=ALL&p2=%5EAHO%5EYYYYYY%5EYY%5ECY&gct=hp&apn_ptnrs=%5EAHO&apn_dtid=%5EYYYYYY%5EYY%5ECY&apn_dbr=ff_13.0.1&apn_uid=89b4d772-b6d9-4b8c-b0af-6800347f7173&itbv=12.10.2.4202&doi=2013-08-02&psv=
URLSearchHook: HKU\S-1-5-21-3284848731-2923227114-796928758-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
SearchScopes: HKU\S-1-5-21-3284848731-2923227114-796928758-1000 -> {E54276C4-1D6E-4D42-9DC9-35ED1B4F6BCD} URL = hxxp://www.search.ask.com/web?tpid=SGT&o=APN10374&pf=V7&p2=%5EAHO%5EYYYYYY%5EYY%5ECY&gct=&itbv=12.10.2.4202&apn_uid=89b4d772-b6d9-4b8c-b0af-6800347f7173&apn_ptnrs=%5EAHO&apn_dtid=%5EYYYYYY%5EYY%5ECY&apn_dbr=ff_13.0.1&doi=2013-08-02&trgb=ALL&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3284848731-2923227114-796928758-1000 -> {F56BAF00-990D-4213-B33F-AE5B06BEEBC4} URL = hxxp://www.mysearchresults.com/search?c=3513&t=07&q={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.6.0\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-3284848731-2923227114-796928758-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
CHR HKU\S-1-5-21-3284848731-2923227114-796928758-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\EleniAn\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
CustomCLSID: HKU\S-1-5-21-3284848731-2923227114-796928758-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\EleniAn\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]
AlternateDataStreams: C:\Users\EleniAn\Desktop\2015-01-01 00.10.55-1.jpg:com.dropbox.attributes [508]
AlternateDataStreams: C:\Users\EleniAn\Desktop\DSC_0072 (2) - Copy.JPG:com.dropbox.attributes [414]
AlternateDataStreams: C:\Users\EleniAn\Desktop\DSC_0072 (2).JPG:com.dropbox.attributes [414]
AlternateDataStreams: C:\Users\EleniAn\Desktop\Σπύρος γραμμένος & χορωδία _αγάπη ρε+_ Έπεσα απ' τα σύννεφα.mp3:TOC.WMV [130]
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value not found.
"HKU\S-1-5-21-3284848731-2923227114-796928758-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ddbb88e-548d-11e0-a6f1-0015b76389e7}" => key removed successfully.
HKCR\CLSID\{0ddbb88e-548d-11e0-a6f1-0015b76389e7} => key not found.
"HKU\S-1-5-21-3284848731-2923227114-796928758-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{191bfcd0-53f9-11e1-942c-001b77226924}" => key removed successfully.
HKCR\CLSID\{191bfcd0-53f9-11e1-942c-001b77226924} => key not found.
"HKU\S-1-5-21-3284848731-2923227114-796928758-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29ecbf58-ae3c-11e5-9499-0015b76389e7}" => key removed successfully.
HKCR\CLSID\{29ecbf58-ae3c-11e5-9499-0015b76389e7} => key not found.
"HKU\S-1-5-21-3284848731-2923227114-796928758-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8c26a2a-9e50-11df-a876-0015b76389e7}" => key removed successfully.
HKCR\CLSID\{a8c26a2a-9e50-11df-a876-0015b76389e7} => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => key removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully.
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => value removed successfully.
"HKU\S-1-5-21-3284848731-2923227114-796928758-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E54276C4-1D6E-4D42-9DC9-35ED1B4F6BCD}" => key removed successfully.
HKCR\CLSID\{E54276C4-1D6E-4D42-9DC9-35ED1B4F6BCD} => key not found.
"HKU\S-1-5-21-3284848731-2923227114-796928758-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F56BAF00-990D-4213-B33F-AE5B06BEEBC4}" => key removed successfully.
HKCR\CLSID\{F56BAF00-990D-4213-B33F-AE5B06BEEBC4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully.
"HKU\S-1-5-21-3284848731-2923227114-796928758-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully.
blbdrive => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
"HKU\S-1-5-21-3284848731-2923227114-796928758-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}" => key removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully..
"C:\Users\EleniAn\Desktop\2015-01-01 00.10.55-1.jpg" => ":com.dropbox.attributes" ADS not found.
"C:\Users\EleniAn\Desktop\DSC_0072 (2) - Copy.JPG" => ":com.dropbox.attributes" ADS not found.
"C:\Users\EleniAn\Desktop\DSC_0072 (2).JPG" => ":com.dropbox.attributes" ADS not found.
"C:\Users\EleniAn\Desktop\Σπύρος γραμμένος & χορωδία _αγάπη ρε+_ Έπεσα απ' τα σύννεφα.mp3" => ":TOC.WMV" ADS not found.
EmptyTemp: => 5.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:04:29 ====
25
Analysis and Malware Removal / Re: A computer is ready for LzD therapy!
« Last post by Corrine on May 03, 2016, 06:48:14 PM »
Hi, Panos.

Have you tried an external keyboard?

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code: [Select]
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\...\MountPoints2: {0ddbb88e-548d-11e0-a6f1-0015b76389e7} - I:\Startme.exe
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\...\MountPoints2: {191bfcd0-53f9-11e1-942c-001b77226924} - G:\Setup.exe -auto
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\...\MountPoints2: {29ecbf58-ae3c-11e5-9499-0015b76389e7} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\...\MountPoints2: {a8c26a2a-9e50-11df-a876-0015b76389e7} - D:\LaunchU3.exe -a
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-3284848731-2923227114-796928758-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.search.ask.com/?tpid=SGT&o=APN10374&pf=V5&trgb=ALL&p2=%5EAHO%5EYYYYYY%5EYY%5ECY&gct=hp&apn_ptnrs=%5EAHO&apn_dtid=%5EYYYYYY%5EYY%5ECY&apn_dbr=ff_13.0.1&apn_uid=89b4d772-b6d9-4b8c-b0af-6800347f7173&itbv=12.10.2.4202&doi=2013-08-02&psv=
URLSearchHook: HKU\S-1-5-21-3284848731-2923227114-796928758-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
SearchScopes: HKU\S-1-5-21-3284848731-2923227114-796928758-1000 -> {E54276C4-1D6E-4D42-9DC9-35ED1B4F6BCD} URL = hxxp://www.search.ask.com/web?tpid=SGT&o=APN10374&pf=V7&p2=%5EAHO%5EYYYYYY%5EYY%5ECY&gct=&itbv=12.10.2.4202&apn_uid=89b4d772-b6d9-4b8c-b0af-6800347f7173&apn_ptnrs=%5EAHO&apn_dtid=%5EYYYYYY%5EYY%5ECY&apn_dbr=ff_13.0.1&doi=2013-08-02&trgb=ALL&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3284848731-2923227114-796928758-1000 -> {F56BAF00-990D-4213-B33F-AE5B06BEEBC4} URL = hxxp://www.mysearchresults.com/search?c=3513&t=07&q={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.6.0\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-3284848731-2923227114-796928758-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
CHR HKU\S-1-5-21-3284848731-2923227114-796928758-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\EleniAn\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
CustomCLSID: HKU\S-1-5-21-3284848731-2923227114-796928758-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\EleniAn\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]
AlternateDataStreams: C:\Users\EleniAn\Desktop\2015-01-01 00.10.55-1.jpg:com.dropbox.attributes [508]
AlternateDataStreams: C:\Users\EleniAn\Desktop\DSC_0072 (2) - Copy.JPG:com.dropbox.attributes [414]
AlternateDataStreams: C:\Users\EleniAn\Desktop\DSC_0072 (2).JPG:com.dropbox.attributes [414]
AlternateDataStreams: C:\Users\EleniAn\Desktop\Σπύρος γραμμένος & χορωδία _αγάπη ρε+_ Έπεσα απ' τα σύννεφα.mp3:TOC.WMV [130]
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.
26
WinPatrol Help & Information / Re: AdwCleaner tries to remove WinPatrol
« Last post by akjudge on May 03, 2016, 06:30:01 PM »
Special thanks to Corrine who patiently helped me along with this issue...

Jim
27
Problem is new in version 2016.2.365 in 364 it works.

Hello DiSL,

Thank you for the information and behavior, the details are very helpful.

We would like for you to upgrade to the newest version as there has been changes made that should help with this behavior.
28
WinPatrol Help & Information / Re: AdwCleaner tries to remove WinPatrol
« Last post by Corrine on May 03, 2016, 06:17:30 PM »
Might as well hold off, Jim, and see what happens with the update.
29
WinAntiRansom Help & Information / Re: Multiple issues
« Last post by Scott on May 03, 2016, 06:00:28 PM »
Hi d3bt,

Thank you for the information regarding your use of WinPatrol & WinAntiRansom.

1. This is good feedback regarding the UI and the issues when moving from one section to another. I'm running WAR version 2016.4.428 and this issue isn't present - can you upgrade to the latest version and see if that behavior continues?

2. Do you notice that the CPU temp being high when both applications (WAR & WinPatrol) are running? Or does it start running hot when they are running separately? Development is stating that there are options that when enabled can increase the load on the CPU. Those are WinPrivacy options for 'Traffic Retention'.

3. I had an issue with Outlook when I installed WinPrivacy, it was listed in the Blocked Programs section. From inside the 'Blocked Programs' view, I right-clicked Outlook and selected 'Allow by Signature' after that I didn't have any further issues.

4. BOINC.exe & BOINCMGR.exe could also be listed in WinPrivacy 'Blocked Programs'. Also, in WinPrivacy there are option that will not allow new programs to access the internet (screenshot).
30
WinPatrol Help & Information / Re: AdwCleaner tries to remove WinPatrol
« Last post by akjudge on May 03, 2016, 05:48:26 PM »
Corrine (or Scott),

Do you want me to wait on the FRST files to see if the next version of AdwCleaner fixes the problem?

Or (Corrine) do you want me to run the scan (with your script)?

PS-  Figured out the empty WinPatrol folder -- I'm sure it is a left-over from before Bret took over WinPatrol (ie pre-Ruiware)

Jim
Pages: 1 2 [3] 4 5 ... 10