I was asked to start a new topic with the logs from Farbar Recovery Scan Tool & aswMBR & include the link back to the previous thread...Here is yesterdays' thread: http://forums.spybot.info/showthread.php?71595-Have-Incredibar-and-can-t-locate-where-it-is-to-remove-it

Today, following yesterdays' advice, I downloaded, ran all updates, and ran Spybot 2.4 as Administrator...it didn't remove Incredibar. I then booted the computer in Safe Mode, Ran As Administrator and attempted it again. The first time running in Safe Mode, it showed a green checkmark next to Incredibar and said it was fixed. I then rebooted the computer in Normal and ran Spybot as Administrator again and it CAME BACK. I have attempted several more times to run in Safe Mode as Administrator, but it just keeps showing a red X and the word ERROR.

Unfortunately, there is no Addition.txt below as this was the third time running Farbar and I deleted the first set. Second time and third downloads, the Answer.txt box was not checked. The Addition.txt log SHOULD be in the previous thread.

I am no computer whiz, so please use general terms easy for me to understand. This has been one of the most complicated things I have ever done. I have NEVER even run my computer in SAFE MODE before.

The logs you requested are below:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Kyle (administrator) on KYLE-PC on 01-12-2014 16:07:50
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle & UpdatusUser (Available profiles: Kyle & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Users\Kyle\Desktop\TweakingRegistryBackup.exe
(Tweaking.com) C:\Users\Kyle\Desktop\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Users\Kyle\Desktop\files\vss_7_8_2008_2012_64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Users\Kyle\Desktop\files\vss_pause.exe
(Farbar) C:\Users\Kyle\Downloads\FRST64 (3).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3146351965-3806649034-2360789711-1001\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [367016 2013-09-10] (IncrediMail, Ltd.)
HKU\S-1-5-21-3146351965-3806649034-2360789711-1001\...\Run: [Google Update] => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-04] (Google Inc.)
HKU\S-1-5-21-3146351965-3806649034-2360789711-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3146351965-3806649034-2360789711-1001\...\MountPoints2: {574534b8-9b25-11e1-974f-9757d15045f7} - K:\TL_Bootstrap.exe
HKU\S-1-5-21-3146351965-3806649034-2360789711-1003\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default p
2FŽà]2 aPa2G *2Ž •L•

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3146351965-3806649034-2360789711-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
HKU\S-1-5-21-3146351965-3806649034-2360789711-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17360411n103p0464v125r47i1t22q
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001 -> {02C37892-7A1D-4E54-B30C-6FDCDCAC2AA2} URL = http://websearch.ask.com/redirect?client=ie&tb=EPC&o=2484&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A49&apn_dtid=^YYYYYY^YY^US&apn_uid=f7db0ccf-7b4c-411b-b551-85cf4b8e2a8a&apn_sauid=FE877C46-0908-4FF1-9AF0-AF0FCFE5B125
SearchScopes: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001 -> {0EFF49C4-2C72-4E64-9045-D1F7FDD136A4} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: EpicPlay Games -> {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} -> C:\Program Files (x86)\EpicPlay\epicPlayGames.dll (EpicPlay LLC)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3146351965-3806649034-2360789711-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3146351965-3806649034-2360789711-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: EpicPlay Games - C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2012-01-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.ebay.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2013-09-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Adblock Plus) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-18]
CHR Extension: (Pin It Button) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-05-14]
CHR Extension: (Hootsuite) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2013-03-04]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Lexity Live) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomdglhpapfpbfooeapcficgfhoncc [2013-03-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent)
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2011-02-14] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2011-02-14] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2011-02-14] (LG Electronics Inc.)
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 16:07 - 2014-12-01 16:07 - 00014981 _____ () C:\Users\Kyle\Downloads\FRST.txt
2014-12-01 15:40 - 2014-12-01 15:40 - 02117120 _____ (Farbar) C:\Users\Kyle\Downloads\FRST64 (3).exe
2014-12-01 15:16 - 2014-12-01 15:16 - 04215584 _____ () C:\Users\Kyle\Downloads\tweaking.com_registry_backup_setup (1).exe
2014-12-01 15:16 - 2014-12-01 15:16 - 01346048 _____ (Indigo Rose Corporation) C:\Users\Kyle\Desktop\uninstall.exe
2014-12-01 15:16 - 2014-12-01 15:16 - 00325960 _____ () C:\Users\Kyle\Desktop\lua5.1.dll
2014-12-01 15:16 - 2014-12-01 15:16 - 00001508 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-01 15:16 - 2014-12-01 15:16 - 00000000 ____D () C:\Users\Kyle\Desktop\Uninstall
2014-12-01 15:16 - 2014-12-01 15:16 - 00000000 ____D () C:\Users\Kyle\Desktop\files
2014-12-01 15:16 - 2014-12-01 15:16 - 00000000 ____D () C:\Users\Kyle\Desktop\color_presets
2014-12-01 15:16 - 2014-12-01 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-01 00:08 - 2014-12-01 00:08 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-01 00:07 - 2014-12-01 00:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-01 00:07 - 2014-12-01 00:07 - 00001364 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-01 00:07 - 2014-12-01 00:07 - 00001352 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-01 00:07 - 2014-12-01 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-01 00:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-01 00:04 - 2014-12-01 00:04 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Kyle\Downloads\spybot-2.4.exe
2014-11-30 13:09 - 2014-12-01 15:43 - 00035997 _____ () C:\Users\Kyle\Downloads\Addition.txt
2014-11-30 13:05 - 2014-12-01 16:07 - 00000000 ____D () C:\FRST
2014-11-30 12:59 - 2014-11-30 12:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KYLE-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-11-30 12:58 - 2014-11-30 12:58 - 00000000 ____D () C:\RegBackup
2014-11-30 12:48 - 2014-11-30 12:48 - 04215584 _____ () C:\Users\Kyle\Downloads\tweaking.com_registry_backup_setup.exe
2014-11-22 09:56 - 2014-11-22 09:56 - 00027906 _____ () C:\Users\Kyle\Downloads\Father Finds Horrifying Letter From His Son. This Is Gold..html
2014-11-22 09:56 - 2014-11-22 09:56 - 00000000 ____D () C:\Users\Kyle\Downloads\Father Finds Horrifying Letter From His Son. This Is Gold._files
2014-11-21 19:37 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 19:37 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-21 19:37 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-21 19:37 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 12:49 - 2014-11-15 12:49 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieBrowserModeList
2014-11-12 21:27 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 21:27 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 21:27 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 21:27 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 21:27 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 21:27 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 21:27 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 21:27 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 21:27 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 21:27 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 21:27 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 21:27 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 21:27 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 21:27 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 21:27 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 21:27 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 21:27 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 21:27 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 21:27 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 21:27 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 21:27 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 21:27 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 21:27 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 21:27 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 21:27 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 21:27 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 21:27 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 21:27 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 21:27 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 21:27 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 21:27 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 21:27 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 21:27 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 21:27 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 21:27 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 21:27 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 21:27 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 21:27 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 21:27 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 21:27 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 21:27 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 21:27 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 21:27 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 21:27 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 21:27 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 21:27 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 21:27 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 21:27 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 21:27 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 21:27 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 21:27 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 21:27 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 21:27 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 21:27 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 21:27 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 21:27 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 21:27 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 21:27 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 21:27 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 21:27 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 21:27 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 21:27 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 21:27 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 21:27 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 21:27 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 21:27 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 21:27 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 21:27 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 21:27 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 21:27 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 21:27 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 21:27 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 21:27 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 21:27 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 21:27 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 21:27 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 21:27 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 21:27 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 21:27 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 21:27 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 21:27 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 21:26 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 21:26 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 21:26 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 21:26 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 21:26 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 21:26 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 21:26 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 21:26 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 21:26 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 21:26 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 21:26 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 21:26 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 21:26 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 21:26 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 21:26 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 21:26 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 21:26 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 11:14 - 2014-11-12 11:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-12 11:12 - 2014-11-12 11:13 - 00638888 _____ (Oracle Corporation) C:\Users\Kyle\Downloads\chromeinstall-8u25.exe
2014-11-06 08:38 - 2014-11-06 08:39 - 00000019 _____ () C:\Users\Kyle\Downloads\text_0.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 15:59 - 2012-08-04 21:24 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146351965-3806649034-2360789711-1001UA.job
2014-12-01 15:51 - 2011-04-27 21:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-01 15:36 - 2012-05-17 22:51 - 00000679 _____ () C:\Users\Kyle\Desktop\Settings.ini
2014-12-01 15:18 - 2014-05-17 07:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-01 15:17 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-01 15:17 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-01 15:15 - 2010-07-31 07:06 - 02051611 _____ () C:\Windows\WindowsUpdate.log
2014-12-01 15:11 - 2011-04-27 21:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-01 15:10 - 2014-10-30 12:28 - 00000896 _____ () C:\Windows\setupact.log
2014-12-01 15:10 - 2010-06-10 12:39 - 00567556 _____ () C:\Windows\PFRO.log
2014-12-01 15:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 15:09 - 2012-08-01 17:38 - 00001404 _____ () C:\Windows\wininit.ini
2014-12-01 13:19 - 2011-04-29 04:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-01 09:46 - 2012-08-04 21:24 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146351965-3806649034-2360789711-1001Core.job
2014-12-01 00:07 - 2011-04-29 04:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-30 13:37 - 2014-09-29 08:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-28 10:31 - 2011-05-06 21:33 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\SoftGrid Client
2014-11-27 14:50 - 2011-05-17 18:53 - 00000000 ____D () C:\Users\Kyle\AppData\Local\CrashDumps
2014-11-25 18:18 - 2014-05-17 07:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 18:18 - 2012-04-03 09:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 18:18 - 2011-11-17 12:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-22 21:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-21 09:40 - 2011-04-29 05:14 - 00000398 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2014-11-16 09:46 - 2011-04-27 21:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 09:46 - 2011-04-27 21:11 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 08:54 - 2012-08-04 21:24 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3146351965-3806649034-2360789711-1001UA
2014-11-14 08:54 - 2012-08-04 21:24 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3146351965-3806649034-2360789711-1001Core
2014-11-13 14:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 22:07 - 2009-07-13 23:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 11:14 - 2011-09-28 14:48 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-12 11:14 - 2011-09-28 14:48 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-12 11:14 - 2011-09-28 14:48 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-12 11:14 - 2011-09-28 14:48 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-10 08:53 - 2011-05-25 17:13 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Adobe
2014-11-07 09:46 - 2009-07-14 00:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 09:11 - 2012-01-16 15:58 - 00011776 _____ () C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-05 11:56 - 2012-04-10 12:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 09:00

==================== End Of Log ============================


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-01 16:13:56
-----------------------------
16:13:56.815 OS Version: Windows x64 6.1.7601 Service Pack 1
16:13:56.815 Number of processors: 2 586 0x603
16:13:56.817 ComputerName: KYLE-PC UserName: Kyle
16:13:58.837 Initialize success
16:13:58.868 VM: initialized successfully
16:13:58.868 VM: Amd CPU supported
16:16:47.485 AVAST engine defs: 14120100
16:17:30.556 The log file has been saved successfully to "C:\Users\Kyle\Downloads\aswMBR.txt"

What are you using for an Antivirus?


Running from C:\Users\Kyle\Downloads

We need to move FRST to desktop

Please go toy our downloads folder and locate FRST, right click and select CUT
Next, go to an open spot on your desktop and right click, select PASTE
Farbar Recovery Scan Tool should now be on your desktop.

For future reference
~~~

- Save ALL Tools to your Desktop-

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Chrome/Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Firefox/Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/IE/Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

~~~~~~~~~~~~~~

Manually Removing Firefox Extensions

Open Mozilla Firefox.
Type about:addons into the URL bar.
Click Remove next to EpicPlay Games and any extensions you do not use or recognize.
Close and reboot.


~~~~~~~~~~~~~~~~~~~~~~`
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
SearchScopes: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001 -> {02C37892-7A1D-4E54-B30C-6FDCDCAC2AA2} URL = http://websearch.ask.com/redirect?client=ie&tb=EPC&o=2484&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A49&apn_dtid=^YYYYYY^YY^US&apn_uid=f7db0ccf-7b4c-411b-b551-85cf4b8e2a8a&apn_sauid=FE877C46-0908-4FF1-9AF0-AF0FCFE5B125
BHO-x32: EpicPlay Games -> {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} -> C:\Program Files (x86)\EpicPlay\epicPlayGames.dll (EpicPlay LLC)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Plugin: (Shockwave Flash) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Native Client) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X]
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~`

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


http://thespykiller.co.uk/files/adwcleaner_download.png

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


*****
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

Manually Removing Firefox Extensions

Open Mozilla Firefox.
Type about:addons into the URL bar.
Click Remove next to EpicPlay Games and any extensions you do not use or recognize.
Close and reboot.


Juliet -

Problem #1 - I haven't had Firefox on the computer in about a year. I tried to download the browser again, but when I type in about:addons, I cannot locate EpicPlay Games. It is not showing anything - it says something about being the first time running it and shows add ons to get, but no list of old addons.

I have moved FRST to my desktop, but it is as a shortcut...I hope that is OK. I don't have FRST/FRST64, but when I looked at the text to FRST, it does say (x64)...not sure if it is the same thing.

I have NO antivirus that I am aware of.

What I thought would be a simple fix is becoming MORE AND MORE COMPLICATED...I hope I can do this - I am not feeling too confident.

We can do this hang in there.

Problem #1
I haven't had Firefox on the computer in about a year

It must of been all remnants because if you look back at the logs created by your first run of FRST it has Google Chrome and Firefox listed as browsers.
Not a big deal, we can fix that.

Let's uninstall everything out for Firefox by using the tool below.

Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)

Double click Revo Uninstaller to run it.
From the list of programs double click Firefox to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.



NEXT**
You need an Antivirus on the computer.
Let's put one on thats easy for now and if you want something else later I can give a list later or now, up to you.

For now I recommend Microsoft Security Essentials.


http://1-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/8fj6i2U.png.pagespeed.ce.RUYs43FaJ5.pngavast! Free Anti-Virus (http://www.avast.com/en-gb/download-thank-you.php?product=FA-ONLINE&locale=en-gb) (free)
http://1-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/8fj6i2U.png.pagespeed.ce.RUYs43FaJ5.pngAvira AntiVir Personal - Free Antivirus (http://www.free-av.com/en/products/1/avira_antivir_personal__free_antivirus.html)(free)
http://1-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/xUbJpW95.png.pagespeed.ic.Eg8QK7Uzqf.jpg (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions) Microsoft Security Essentials (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions) (free)
http://2-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/GzlsbnV.png.pagespeed.ce.SLxxSJVib_.png (http://www.eset.co.uk/Download/Software/Home) ESET NOD32 Anti-Virus (http://www.eset.co.uk/Download/Software/Home) (paid)
http://2-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/YARWD1t.png.pagespeed.ce.nvhmVeYDe3.png (http://www.kaspersky.co.uk/home-products) Kaspersky Anti-Virus (http://www.kaspersky.co.uk/home-products) (paid)
http://2-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/x7D2ig3K.png.pagespeed.ic.x4TC1AK8OX.jpgEmsisoft Internet Security (http://www.emsisoft.de/en/software/internetsecurity/) (paid)

As for which free versus paid for Antivirus I have to leave this up to you but, I've always stayed with a free version, that use less resources and consumes less time in updating. This is my personal opinion and also with free versions of Antivirus, firewall is not included.

```````````````````````````````


(To use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))

Check the above, this will show you how to determine which version to download.

***
Delete your FRST shortcut, we can't use that.

Then
Please go to your downloads folder and delete FRST from there.

We will download it again and using these instructions have it downloaded to desktop

- Save ALL Tools to your Desktop-

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Chrome/Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.

next

Open Double click on Farbar Recovery Scan Tool
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
SearchScopes: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001 -> {02C37892-7A1D-4E54-B30C-6FDCDCAC2AA2} URL = http://websearch.ask.com/redirect?client=ie&tb=EPC&o=2484&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A49&apn_dtid=^YYYYYY^YY^US&apn_uid=f7db0ccf-7b4c-411b-b551-85cf4b8e2a8a&apn_sauid=FE877C46-0908-4FF1-9AF0-AF0FCFE5B125
BHO-x32: EpicPlay Games -> {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} -> C:\Program Files (x86)\EpicPlay\epicPlayGames.dll (EpicPlay LLC)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Plugin: (Shockwave Flash) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Native Client) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X]
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~`

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


http://thespykiller.co.uk/files/adwcleaner_download.png

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


*****
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

Let's uninstall everything out for Firefox by using the tool below.

Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)

Double click Revo Uninstaller to run it.
From the list of programs double click Firefox to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.




Juliet - I would love to get rid of Firefox, but after installing the Revo Uninstaller Pro, it is not located in the list of Programs. Now what?

Just continue with the rest of the instructions.

Juliet -

OK - I believe I have done it all (WOW, my stomach hurts from stressing so much about this! LOL)

I downloaded and Updated Microsoft Security Essentials and ran it - No Threats. **Question: Will it run OK in conjunction with using Spybot S&D 2.4 AND Malwarebytes? Hoping I don't have to change some settings for it to run without conflicts.


Here goes: The computer told me after I hit FIX on the Farbar Recovery Scan Tool "Fix completed - the Fixlog.txt is saved in the same directory FRST is located. Computer needs to restart. I did that.

Downloaded AdwCleaner, Scan & then Clean. Figured out how to take the FireWall? off by Unchecking the box for Real Time Protection in Microsoft Security Essentials (so scary) and downloaded Junkware Removal Tool.

Below are the Fixlog.txt, AdwCleaner Logfile, and Junkware Removal Tool logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014
Ran by Kyle at 2014-12-02 13:45:52 Run:1
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle & UpdatusUser (Available profiles: Kyle & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
SearchScopes: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001 -> {02C37892-7A1D-4E54-B30C-6FDCDCAC2AA2} URL = http://websearch.ask.com/redirect?client=ie&tb=EPC&o=2484&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A49&apn_dtid=^YYYYYY^YY^US&apn_uid=f7db0ccf-7b4c-411b-b551-85cf4b8e2a8a&apn_sauid=FE877C46-0908-4FF1-9AF0-AF0FCFE5B125
BHO-x32: EpicPlay Games -> {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} -> C:\Program Files (x86)\EpicPlay\epicPlayGames.dll (EpicPlay LLC)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-3146351965-3806649034-2360789711-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Plugin: (Shockwave Flash) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Native Client) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X]
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-3146351965-3806649034-2360789711-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKU\S-1-5-21-3146351965-3806649034-2360789711-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{02C37892-7A1D-4E54-B30C-6FDCDCAC2AA2}" => Key deleted successfully.
"HKCR\CLSID\{02C37892-7A1D-4E54-B30C-6FDCDCAC2AA2}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
HKU\S-1-5-21-3146351965-3806649034-2360789711-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll not found.
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\gcswf32.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll not found.
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll not found.
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll => Moved successfully.
C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
Web Assistant Updater => Service deleted successfully.
"C:\Program Files\Web Assistant\ExtensionUpdaterService.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 853.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

# AdwCleaner v4.103 - Report created 02/12/2014 at 14:15:56
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kyle - KYLE-PC
# Running from : C:\Users\Kyle\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
File Deleted : C:\Users\Kyle\Desktop\Uninstall.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\ImInstaller
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v


-\\ Google Chrome v

[C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1971 octets] - [02/12/2014 14:10:10]
AdwCleaner[S0].txt - [1821 octets] - [02/12/2014 14:15:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1881 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kyle on Tue 12/02/2014 at 14:31:01.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\epicplay"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/02/2014 at 14:34:41.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet - ALSO, should I turn my Real Time Protection for Microsoft Security Essentials back on?

OK - I believe I have done it all (WOW, my stomach hurts from stressing so much about this! LOL)

I downloaded and Updated Microsoft Security Essentials and ran it - No Threats. **Question: Will it run OK in conjunction with using Spybot S&D 2.4 AND Malwarebytes? Hoping I don't have to change some settings for it to run without conflicts.

Juliet - ALSO, should I turn my Real Time Protection for Microsoft Security Essentials back on?
Don't stress over this because I think the machine should be running much better by now?

Microsoft Security Essentials works well with the other tools you listed.

Yes, please enable Microsoft Security Essentials.


How's the computer?

~~~~~~~~~~~~

ownload Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)



On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Dections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


***************************************

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


*************************************

Juliet -

I did have Malwarebytes already installed...just hadn't updated in 4 days. Ran updates, the boxes for PUP and PUM were already checked. I previously had also checked for it to scan for rootkits, too - I hope that was OK...I haven't changed it. I ran Malwarebytes and it showed 15 - PUPS! I have never had that many show up before! I see now that they're from that same EpicPlay you saw earlier. I quarantined them and the report is below. Also the ESET text log created below it. (I see it's showing a Screensaver I used a long time ago - I don't use it anymore.)

Thank you for all your help - I think we're making headway! :)



**Malwarebytes **


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/4/2014
Scan Time: 1:25:58 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.12.04.07
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kyle

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404265
Time Elapsed: 12 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.EpicPlay.A, HKU\S-1-5-21-3146351965-3806649034-2360789711-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}, Quarantined, [1c5b95c9403c24125f50bc0753af8080],
PUP.Optional.EpicPlay.A, HKLM\SOFTWARE\CLASSES\EpicPlay.TextLinks, Quarantined, [1c5b95c9403c24125f50bc0753af8080],
PUP.Optional.EpicPlay.A, HKLM\SOFTWARE\CLASSES\EpicPlay.TextLinks.1, Quarantined, [1c5b95c9403c24125f50bc0753af8080],
PUP.Optional.EpicPlay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\EpicPlay.TextLinks, Quarantined, [1c5b95c9403c24125f50bc0753af8080],
PUP.Optional.EpicPlay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\EpicPlay.TextLinks.1, Quarantined, [1c5b95c9403c24125f50bc0753af8080],
PUP.Optional.EpicPlay.A, HKU\S-1-5-21-3146351965-3806649034-2360789711-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}, Quarantined, [1c5b95c9403c24125f50bc0753af8080],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.EpicPlay.A, C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com, Quarantined, [d2a5c39b601cf83e87fd152fe122bd43],
PUP.Optional.EpicPlay.A, C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\chrome, Quarantined, [d2a5c39b601cf83e87fd152fe122bd43],
PUP.Optional.EpicPlay.A, C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components, Quarantined, [d2a5c39b601cf83e87fd152fe122bd43],

Files: 6
PUP.Optional.EpicPlay.A, C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\chrome.manifest, Quarantined, [d2a5c39b601cf83e87fd152fe122bd43],
PUP.Optional.EpicPlay.A, C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\install.rdf, Quarantined, [d2a5c39b601cf83e87fd152fe122bd43],
PUP.Optional.EpicPlay.A, C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\chrome\eptextlinks.jar, Quarantined, [d2a5c39b601cf83e87fd152fe122bd43],
PUP.Optional.EpicPlay.A, C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components\epicplay.js, Quarantined, [d2a5c39b601cf83e87fd152fe122bd43],
PUP.Optional.EpicPlay.A, C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components\epicPlayGames.dll, Quarantined, [d2a5c39b601cf83e87fd152fe122bd43],
PUP.Optional.EpicPlay.A, C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components\epicPlayGames.xpt, Quarantined, [d2a5c39b601cf83e87fd152fe122bd43],

Physical Sectors: 0
(No malicious items detected)


(end)

____________________________________________________

ESET LOG

C:\Users\Kyle\Downloads\Desktop Theme Bambi and Friends.exe multiple threats
C:\Users\Kyle\Downloads\Desktop Theme Thumper.exe multiple threats

You did good with MalwareBytes


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt (Don't get this one confused with the one you already made, if need be find the one made previously and delete it so this one will run correctly)
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
C:\Users\Kyle\Downloads\Desktop Theme Bambi and Friends.exe
C:\Users\Kyle\Downloads\Desktop Theme Thumper.exe
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


How's your computer now?

Juliet -

It is certainly running so much faster, that's for SURE!!! I think we almost have it...and I am so excited!

Attached is the fixlog you just asked me to run:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by Kyle at 2014-12-05 10:44:49 Run:2
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle & UpdatusUser (Available profiles: Kyle & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\Kyle\Downloads\Desktop Theme Bambi and Friends.exe
C:\Users\Kyle\Downloads\Desktop Theme Thumper.exe
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Users\Kyle\Downloads\Desktop Theme Bambi and Friends.exe => Moved successfully.
C:\Users\Kyle\Downloads\Desktop Theme Thumper.exe => Moved successfully.
EmptyTemp: => Removed 454.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

I think we almost have it
Whats happening now?

I am running good - now, how to get rid of all those icons on my desktop? I have installed SO MUCH stuff - and now I have to remember to go back and not let everything download to my desktop.

I haven't run anything further...should I?

I think your good to go.

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore


Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~~~~~

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.


Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop



~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/ (null)))


Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)


Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)[/*]

Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.



It is possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
You can check these by visiting Secunia Software Inspector (http://secunia.com/software_inspector) or you can use the following application for this purpose PatchMyPC (http://www.patchmypc.net/)

Juliet -

Could you please tell me where to change my Downloads to? We changed them to my Desktop, but I don't even know where they were before we changed them.

Before you had them directed to downloads folder
C:\Users\Kyle\Downloads
We can redo this setting if you wish



https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Chrome/Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select where you want your downloads to go from here, and click OK.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Firefox/Settings.JPG Choose Options. In the downloads section, click the Browse button, select where to designate where they should go
and the click the "Select Folder" button. Click OK to get out of the Options menu.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/IE/Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select select where to designate where they should go and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Juliet -

OK, I have fixed so that the downloads go back into Downloads.

Now, I have read all that you attached...and I was running GREAT - UNTIL I DOWNLOADED Cryptolocker. When I did, my computer would just STALL out on pages, and not finish loading. I had to uninstall it just to send you this message. Any thoughts?

You mean CryptoPrevent?
Did you set it to default?

Juliet -

Yes, I mean CryptoPrevent. Yes, it was also set on Default. Nothing was working - pages weren't loading all the way...even with refresh. It was crazy! Just stalled out every where I tried to go.

I had to uninstall it so I could send you this message. It all seems running fine now that it's out...QUICK loading of pages and going places.

Not sure why it wouldn't work as we wanted, theres always an exception to the rule, but rather you be happy with a clean machine.
I just wonder though, if it had to set instructions for everything you opened?

Might be best to try and follow safe surfing practices :)

Juliet -

Not sure what you mean by "maybe it had to set instructions for all you had opened"...but all appears to be running very smoothly - and is very fast...like when it was new a few years ago. :)

Not sure what you mean by "maybe it had to set instructions for all you had opened"
Your computers security interfered or it had not had enough time to set rules on your computer, or it's just not going to work on your machine.
Typing to fast with a 5 year old hanging on to me, made me look like.....:alien:


but all appears to be running very smoothly - and is very fast...like when it was new a few years ago
Very happy to hear it.

Safe Surfing :)

Juliet -

One final question - should I be purging all quarantined items? I just ran Spybot again and it found Incredibar again. When I ran Spybot, it fixed it. Then, I checked in the quarantine and there were many Incredibar references listed there. I purged the ones that said they were Incredibar and Double-Click, but am left still with a large list of items. The titles of the categories are: Internet Explorer, MS Direct3D, MS DirectDraw, MS DirectInput, MS Management Console, MS Media Player, MS Paint, MS Regedit, Windows Explorer, Windows Media SDK, Windows OpenWith. All of the above titles also have a box under them that says: All Detected Items of Product

Do I purge all those, too? And, should I be purging all quarantined items after every run of Spybot, if it finds anything?

Sorry, I am just trying to make sure I run smoothly from here on out.

I just ran Spybot again and it found Incredibar again
Does it give a location?


should I be purging all quarantined items?
For this question I will have to direct you to a different forum, please start a new topic :)
http://forums.spybot.info/forumdisplay.php?4-Spybot

I have found an application which might work on your machine.

Hitman Pro-CryptoGuard: Prevents your files from being taken hostage! (http://www.surfright.nl/en/cryptoguard)

Thank you, Juliet...I will give it a try and see what happens. Am I just supposed to download it? I see that it runs in the background?

It;s worth a try.

Create a restore point first in case you should have to remove it later.

Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.