Windows Explorer is running with very high CPU and memory usage. Every so often I get a message from Avast or MBAM that Explorer is trying to access a harmful web page. After a while Explorer stops responding. I saw another user had this same issue yesterday but I didn't see a resolution yet.

 

I am running premium MBAM. I've updated the database to the latest and run a new scan but nothing came up.

 

I've run FRST and here is the output:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-10-2014 01
Ran by Ed (administrator) on EDS-NEW-LAPTOP on 02-10-2014 11:47:06
Running from C:\Users\Ed\Desktop
Loaded Profile: Ed (Available profiles: Ed & VPC & Suzy)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Jetico, Inc.) C:\Program Files\BCWipe\BCWipeSvc.exe
(Jetico, Inc.) C:\Program Files\BCWipe\BCWipeTM.exe
(Jetico, Inc.) C:\Program Files\BCWipe\BCWipeTM.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Tanuki Software, Ltd.) C:\geronimo-2.1.7\bin\wrapper.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\CIDAEMON.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(LSI Corp.) C:\Program Files\ltmoh\ltmoh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Spotify Ltd) C:\Users\Ed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Oracle Corporation) C:\jdk1.7.0_21\bin\java.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [iTSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)
HKLM\...\Run: [TOSDCR] => C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [888752 2010-03-02] (TOSHIBA)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [783224 2010-11-04] (TOSHIBA)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosVolRegulator] => C:\Windows\TosVolRegulator.exe [46904 2009-09-04] (TOSHIBA Corporation)
HKLM\...\Run: [intelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1109072 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM\...\Run: [DBAgent] => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [1629280 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2922425519-67720396-3179748331-1003\...\Run: [uploader] => C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-2922425519-67720396-3179748331-1003\...\Run: [spotify Web Helper] => C:\Users\Ed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-20] (Spotify Ltd)
HKU\S-1-5-21-2922425519-67720396-3179748331-1003\...\Run: [Google Update] => C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-19] (Google Inc.)
HKU\S-1-5-21-2922425519-67720396-3179748331-1003\...\MountPoints2: {b234ee84-02b1-11df-ab2b-00231849d755} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2922425519-67720396-3179748331-1003\...\MountPoints2: {dee8cae6-b82f-11e2-90a2-0026c639c608} - E:\VZW_Software_upgrade_assistant_installer.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SAC-Desktop-Alert.lnk
ShortcutTarget: SAC-Desktop-Alert.lnk -> C:\Program Files\SteepAndCheap\Desktop Alert\SAC-Desktop-Alert.exe (Steepandcheap.com)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
HKLM\...\AppCertDlls: [ftpSTAT] -> C:\windows\system32\BdeUsync.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll (TOSHIBA)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} https://abba-kaseya.abbatech.com/inc/kaxRemote.dll
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1081
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\tood3qjx.default
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Users\Ed\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\Ed\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\tood3qjx.default\searchplugins\askcom.xml
FF Extension: Firebug - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\tood3qjx.default\Extensions\firebug@software.joehewitt.com.xpi [2012-02-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\??????????????????? [2014-05-29]
FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin
FF Extension: Automatic password input in Fx - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2010-01-16]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-04-14]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-23]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Ed\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Ed\AppData\Roaming\Move Networks [2010-03-10]
 
Chrome: 
=======
CHR HomePage: Default -> EB6DB2A4B8B04989962A4665F6FB43EFA727D68B246BFD72B2E09357DA678CF8
CHR DefaultSearchKeyword: Default -> CAAA34465438F6C3173617ED4011EC833B38ACEE9E1D9CFED77A080405643FAB
CHR DefaultSearchURL: Default -> D6C8DAB02C3BCF1882169EFC288FD356CC90358D00F23DA4AA5E97023DC4B673
CHR CustomProfile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-13]
CHR Extension: (RealDownloader) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-08-05]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1824064 2010-08-10] (AuthenTec, Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-08-05] (AVAST Software)
R2 BCWipeSvc; C:\Program Files\BCWipe\BCWipeSvc.exe [87840 2013-04-09] (Jetico, Inc.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1664176 2014-08-11] (Microsoft Corporation)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [152576 2013-04-08] (CrashPlan) [File not signed]
R2 Geronimo; C:\geronimo-2.1.7\bin\wrapper.exe [332288 2011-01-20] (Tanuki Software, Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSSQL$VPC; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-25] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
S4 PuranDefrag; C:\windows\system32\PuranDefragS.exe [229376 2010-05-17] (Puran Software) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
R2 Seagate Dashboard Services; C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
S3 Tomcat6; C:\tomcat6.0.35\bin\Tomcat6.exe [74752 2011-11-28] (Apache Software Foundation) [File not signed]
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-03] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-08-05] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-08-05] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-08-05] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-08-05] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-08-05] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-08-05] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-08-05] (AVAST Software)
R1 aswTdi; C:\windows\system32\Drivers\aswTdi.sys [56080 2013-12-19] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-08-05] ()
S4 BCSWAP; C:\windows\system32\Drivers\BCSWAP.sys [105024 2013-04-09] (Jetico, Inc.)
R0 fsh; C:\windows\system32\Drivers\fsh.sys [48384 2013-04-09] (Jetico, Inc.)
S3 grmnusb; C:\windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 guardian2; C:\windows\System32\Drivers\oz776.sys [69664 2009-09-10] (O2Micro)
S3 LEqdUsb; C:\windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
S3 LHidEqd; C:\windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 MftWipeFilter; C:\windows\system32\Drivers\MftWipeFilter.sys [25664 2013-04-09] (Windows ® Win 7 DDK provider)
S3 NuidFltr; C:\windows\System32\DRIVERS\NuidFltr.sys [22112 2012-06-26] (Microsoft Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R0 PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [45744 2011-10-04] (Rovi Corporation)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
R1 UimBus; C:\windows\System32\DRIVERS\UimBus.sys [45240 2011-10-13] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\windows\System32\Drivers\Uim_IM.sys [441608 2011-10-13] (Paragon)
R1 Uim_Vim; C:\windows\System32\Drivers\Uim_Vim.sys [277576 2011-10-13] (Paragon)
S3 pfc; system32\drivers\pfc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-16 14:44 - 2014-10-16 14:44 - 00000000 _____ () C:\windows\setuperr.log
2014-10-16 14:44 - 2014-10-02 10:46 - 00001064 _____ () C:\windows\setupact.log
2014-10-02 11:47 - 2014-10-02 11:48 - 00031072 _____ () C:\Users\Ed\Desktop\FRST.txt
2014-10-02 11:45 - 2014-10-02 11:47 - 00000000 ____D () C:\FRST
2014-10-02 11:41 - 2014-10-02 11:41 - 01100288 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2014-10-01 08:02 - 2014-10-02 10:53 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-09-28 03:24 - 2014-08-19 11:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-28 03:24 - 2014-08-18 16:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-28 03:24 - 2014-08-18 16:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-28 03:24 - 2014-08-18 15:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-28 03:24 - 2014-08-18 15:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-28 03:24 - 2014-08-18 15:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-28 03:24 - 2014-08-18 15:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-28 03:24 - 2014-08-18 15:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-28 03:24 - 2014-08-18 15:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-28 03:24 - 2014-08-18 15:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-28 03:24 - 2014-08-18 15:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-28 03:24 - 2014-08-18 15:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-28 03:24 - 2014-08-18 15:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-28 03:24 - 2014-08-18 15:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-28 03:24 - 2014-08-18 15:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-28 03:24 - 2014-08-18 15:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-28 03:24 - 2014-08-18 15:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-28 03:24 - 2014-08-18 15:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-28 03:24 - 2014-08-18 15:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-28 03:24 - 2014-08-18 15:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-28 03:24 - 2014-08-18 15:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-28 03:24 - 2014-08-18 15:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-28 03:24 - 2014-08-18 15:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-28 03:24 - 2014-08-18 15:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-28 03:24 - 2014-08-18 15:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-28 03:24 - 2014-08-18 15:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-28 03:24 - 2014-08-18 15:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-28 03:24 - 2014-08-18 14:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-28 03:24 - 2014-08-18 14:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-28 03:24 - 2014-08-18 14:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-27 10:41 - 2014-07-06 19:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-27 10:41 - 2014-07-06 19:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-02 11:41 - 2010-02-10 20:34 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-02 11:36 - 2014-01-24 10:29 - 00000508 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2922425519-67720396-3179748331-1003.job
2014-10-02 11:03 - 2014-05-20 11:17 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-02 10:56 - 2009-07-13 22:34 - 00016976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-02 10:56 - 2009-07-13 22:34 - 00016976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 10:55 - 2010-01-18 17:16 - 00000000 ___RD () C:\Users\Ed\Documents\My Dropbox
2014-10-02 10:55 - 2010-01-18 17:12 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Dropbox
2014-10-02 10:54 - 2014-02-10 22:57 - 00000978 _____ () C:\Users\Ed\Desktop\Bluetooth Information Exchanger.lnk
2014-10-02 10:53 - 2010-02-10 20:34 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-02 10:52 - 2010-01-16 08:47 - 01857735 _____ () C:\windows\WindowsUpdate.log
2014-10-02 10:51 - 2012-11-27 19:41 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-02 10:46 - 2009-07-13 22:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-02 09:49 - 2013-06-19 13:33 - 00000000 ____D () C:\Users\Ed\AppData\Local\CrashDumps
2014-10-02 02:00 - 2010-01-18 20:26 - 00000000 ____D () C:\Users\Ed\AppData\Local\Adobe
2014-10-01 12:03 - 2010-03-05 11:34 - 00000000 ____D () C:\vpctemp
2014-09-30 13:01 - 2010-02-17 11:35 - 00000000 ____D () C:\Users\Ed\Documents\5th Street Condo Docs
2014-09-29 20:00 - 2012-04-06 17:46 - 00000000 ____D () C:\vpcbin1
2014-09-29 16:03 - 2011-03-07 15:30 - 00000000 ____D () C:\temp
2014-09-29 14:37 - 2010-01-25 18:33 - 00000000 ____D () C:\Users\Ed\temp
2014-09-29 14:37 - 2010-01-25 18:33 - 00000000 ____D () C:\Users\Ed\.vpc
2014-09-28 04:46 - 2009-07-13 20:37 - 00000000 ____D () C:\windows\rescache
2014-09-28 04:02 - 2009-07-13 20:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-09-28 03:44 - 2014-08-07 13:21 - 00037784 _____ () C:\windows\PFRO.log
2014-09-28 03:23 - 2009-09-22 18:01 - 00843354 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-28 03:18 - 2013-07-12 20:39 - 00000000 ____D () C:\windows\system32\MRT
2014-09-28 03:06 - 2010-01-19 08:19 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-27 11:51 - 2012-05-20 06:31 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-09-27 11:51 - 2011-06-21 15:39 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-27 11:36 - 2010-01-18 20:27 - 00000000 ____D () C:\Users\Ed\Documents\VPC
2014-09-27 11:04 - 2010-01-19 17:38 - 00002367 _____ () C:\Users\Ed\Desktop\Google Chrome.lnk
2014-09-27 10:58 - 2010-01-18 17:12 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-27 10:43 - 2014-07-14 10:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-15 09:06 - 2010-01-15 17:44 - 00231568 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Ed\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgt1br4.dll
C:\Users\Ed\AppData\Local\temp\jacob-1.14.3-x86.dll
C:\Users\Ed\AppData\Local\temp\nativeUtils-x86.dll
C:\Users\Suzy\AppData\Local\temp\jacob-1.14.3-x86.dll
C:\Users\Suzy\AppData\Local\temp\nativeUtils-x86.dll
C:\Users\VPC\AppData\Local\temp\jacob-1.14.3-x86.dll
C:\Users\VPC\AppData\Local\temp\nativeUtils-x86.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-27 12:26
 
==================== End Of Log ============================
 
Addition.txt is attached.

Addition.txt


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Hello Marius,

 

Thank you for responding. Before I begin completing your instructions I wanted to let you know there has been a change in my computer. I had turned the computer off for several days since I hadn't received any reply on the forum. I turned it on again yesterday and after a short time I got an alert from Avast saying that it had blocked an attempt to access a harmful web page, similar to the other times. (I am also running Avast on this system and sometimes Avast would alert me first and sometimes MBAM would.) However, this time it also recommended shutting down and running a boot scan. I did this. I didn't find the log from the boot scan so I don't know if it found anything. I have left the computer running and have not gotten any more alerts from mbam or avast. However, the memory and cpu usage of explorer.exe are still high. I would like to proceed with the process if that is OK with you. Also, should I keep Avast running or should I disable it for now?

 

Thank you,

Ed


GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2014-10-07 10:50:15

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FC4O 298.09GB

Running: nv5nlmuz.exe; Driver: C:\Users\Ed\AppData\Local\Temp\awliikod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90B38BA6]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90B39684]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x90B456F8]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90B45744]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x90B458DE]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x90B45666]

SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x91C2DDF0]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x90B456AE]

SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x91C2E080]

SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x91C2E16A]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x90B45898]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x90B3A472]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90B38C0C]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x90B3DC68]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x90B387F8]

SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x91C2DED0]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90B38C72]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90B3E05E]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90B3AF5A]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x90B45722]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90B45766]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90B45902]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x90B4568C]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x90B3D560]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x90B45816]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x90B456D6]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x90B3D94C]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x90B458BC]

SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x91C2DC6E]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x90B3ADCE]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x90B3AADC]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90B38CD8]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90B38D3E]

SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x91C2DFCC]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x90B38892]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90B38A64]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x90B389F2]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x90B3A63C]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x90B3A79E]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x90B38AEC]

SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x91C2DD3C]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x90B3A2CC]

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x90B38DA4]

SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x91C2DBA0]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs fsh.sys

AttachedDevice \FileSystem\Ntfs \Ntfs

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS

---- Threads - GMER 2.1 ----

Thread explorer.exe [8236:9240] 00E24D5E

Thread explorer.exe [8236:9976] 00E24D5E

Thread explorer.exe [8236:7860] 00E24D5E

---- EOF - GMER 2.1 ----

TDSSKiller.3.0.0.40_07.10.2014_10.52.57_log.txt


Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-10-2014 01

Ran by Ed at 2014-10-15 10:14:29 Run:1

Running from C:\Users\Ed\Desktop

Loaded Profile: Ed (Available profiles: Ed & VPC & Suzy)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

SearchScopes: HKCU - {7A438DBA-C210-450B-8BB9-A23B0B16D215} URL = http://websearch.ask...2E-91F52B270778

BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

EmptyTemp:

*****************

 

C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.

C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A438DBA-C210-450B-8BB9-A23B0B16D215}" => Key deleted successfully.

"HKCR\CLSID\{7A438DBA-C210-450B-8BB9-A23B0B16D215}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.

"HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.

EmptyTemp: => Removed 1.8 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 10/15/2014

Scan Time: 11:02:58 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.10.15.06

Rootkit Database: v2014.10.15.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x86

File System: NTFS

User: Ed

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 425114

Time Elapsed: 20 min, 45 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Eset output:

C:\Documents and Settings\Ed\Downloads\avc-free.exe	Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\Ed\Downloads\CuteWriter.exe	a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\Ed\Downloads\winscp425setup.exe	Win32/OpenCandy potentially unsafe application
C:\Users\Ed\Downloads\avc-free.exe	Win32/OpenCandy potentially unsafe application
C:\Users\Ed\Downloads\CuteWriter.exe	a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Ed\Downloads\winscp425setup.exe	Win32/OpenCandy potentially unsafe application

explorer.exe cpu and memory are back to normal.  Nothing else looks unusual at this point.


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread. (Note: Do NOT post this one into a code box!)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.3 (10.14.2014:1)

OS: Windows 7 Professional x86

Ran by Ed on Mon 10/20/2014 at 11:13:17.84

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\tood3qjx.default\minidumps [102 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 10/20/2014 at 11:16:19.65

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.000 - Report created 20/10/2014 at 10:37:25

# DB v2014-10-19.11

# Updated 12/10/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

# Username : Ed - EDS-NEW-LAPTOP

# Running from : C:\Users\Ed\Desktop\adwcleaner_4.000.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Users\Ed\AppData\LocalLow\HPAppData

Folder Deleted : C:\Users\VPC\AppData\LocalLow\HPAppData

Folder Deleted : C:\ProgramData\Partner

File Deleted : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\tood3qjx.default\searchplugins\Askcom.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer.1

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter.1

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics.1

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{937936AF-28CA-4973-B8AE-F250406149A2}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v29.0.1 (en-US)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [2948 octets] - [20/10/2014 10:13:37]

AdwCleaner[S0].txt - [2850 octets] - [20/10/2014 10:37:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2910 octets] ##########


And contents of checkup.txt:

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 65  
 Java SE Development Kit 7 Update 21 
 Java DB 10.6.2.1   
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox 29.0.1 Firefox out of Date!  
 Mozilla Thunderbird (24.6.0) 
 Google Chrome 37.0.2062.124  
 Google Chrome 38.0.2125.104  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
Thanks,
Ed

Your system is clean now! :)

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Mozilla Firefox out of date

Your Firefox browser is outdated. Please follow these instructions to update it:

  • Get the actual firefox from here.
  • Run setup and follow the instructions on your monitor.
  • Report any problems you have with the update.


  • 5 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.