
Firefox continues to frequently "not respond"


  • This topic is locked
15 replies to this topic

#1 lordquas15

lordquas15

  • Members
  • 34 posts

Posted 23 July 2014 - 10:15 AM

This is a continuation of an earlier thread:

 

http://www.bleepingcomputer.com/forums/t/540721/programs-crashing-on-launch-even-after-reinstalling/

 

Firefox and Chrome are both frequently "not responding." Though this occurs with general web browsing, both programs experience very particular and identical trouble when attempting to attach any file to an email (both Gmail and Yahoo). When I do this, the add-a-file window appears but remains blank and "not responding" until the program quits and closes, giving me an error message. Furthermore, Internet Explorer, Skype, and uTorrent all crash on launch. Word works OK until I attempt to save anything, and then it also quits working and closes.

 

Previously I have run FixExec, RKill, MiniToolBox, TDSSKiller, AdwCleaner, Junkware Removal Tool, and ESET, in that order. The symptoms described remained unchanged following these efforts.

 

I am now following the "Preparation Guide for Use before Using Malware Removal Tools" and am going to post the dds.txt. After this post I will continue by attempting to attach the attach.txt file per the instructions, but am not sure this will be possible given my issues with attaching files in emails... I am afraid I will get similar results here.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207
Run by bbleyer at 9:39:10 on 2014-07-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.4307 [GMT -5:00]
.
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Users\bbleyer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ie
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {D1C5F12B-9713-429C-B0D0-2D0ACD9D70F5} - <orphaned>
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Google Update] "C:\Users\bbleyer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [Spotify Web Helper] "C:\Users\bbleyer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{82E75536-A190-4084-A498-8FC8DF075555} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{A3D08F79-86E2-4021-9486-A349B92C382E} : NameServer = 208.67.222.222
TCP: Interfaces\{A3D08F79-86E2-4021-9486-A349B92C382E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A3D08F79-86E2-4021-9486-A349B92C382E}\255607F6274756271405 : DHCPNameServer = 192.168.1.87
TCP: Interfaces\{A3D08F79-86E2-4021-9486-A349B92C382E}\730313027502655627D6F6E647 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{A3D08F79-86E2-4021-9486-A349B92C382E}\C41697562713 : DHCPNameServer = 10.59.1.1
TCP: Interfaces\{A3D08F79-86E2-4021-9486-A349B92C382E}\C696E6B6379737 : DHCPNameServer = 66.220.80.5
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - duckduckgo.com
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\bbleyer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: C:\Users\bbleyer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\bbleyer\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-5-20 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-5-20 224896]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2011-6-5 482384]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2012-3-27 1041168]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2012-3-27 427360]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-6 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-3-27 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-19 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-9-25 231752]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-12-20 65657]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2011-8-30 56336]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-12-8 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-5 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-2-17 75264]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2011-2-17 174080]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-2-17 81920]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2011-6-5 20592]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-6-5 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-5 413800]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-6-5 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-12-25 42392]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-8-30 203096]
S2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-11 92008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-1-31 174168]
S3 massfilter;Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter.sys [2011-8-26 11776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-8-30 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-07-21 22:57:15    --------    d-----r-    C:\Program Files (x86)\Skype
2014-07-19 16:09:57    43152    ----a-w-    C:\windows\avastSS.scr
2014-07-18 19:03:57    --------    d-----w-    C:\Program Files (x86)\ESET
2014-07-18 17:52:29    536576    ----a-w-    C:\windows\SysWow64\sqlite3.dll
2014-07-18 17:50:02    --------    d-----w-    C:\AdwCleaner
2014-07-17 13:58:37    163504    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-07-12 20:39:50    --------    d-----w-    C:\Users\bbleyer\AppData\Local\Skype
2014-07-09 13:09:29    1719296    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 13:08:59    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-07-09 13:08:59    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-07-09 13:08:59    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-07-09 13:08:59    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2014-07-09 13:08:59    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-07-09 13:08:59    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-07-09 13:08:59    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-07-09 13:08:59    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-07-09 13:08:58    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-07-09 13:08:58    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-07-09 13:04:24    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-07-09 13:04:22    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-07-09 13:04:22    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-07-08 23:51:44    11204096    ----a-w-    C:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-01 19:40:18    --------    d-----w-    C:\Users\bbleyer\AppData\Local\Thunderbird
.
==================== Find3M  ====================
.
2014-07-19 16:10:00    92008    ----a-w-    C:\windows\System32\drivers\aswstm.sys
2014-07-19 16:10:00    79184    ----a-w-    C:\windows\System32\drivers\aswMonFlt.sys
2014-07-19 16:10:00    65776    ----a-w-    C:\windows\System32\drivers\aswRvrt.sys
2014-07-19 16:10:00    29208    ----a-w-    C:\windows\System32\drivers\aswHwid.sys
2014-07-19 16:10:00    224896    ----a-w-    C:\windows\System32\drivers\aswVmm.sys
2014-07-19 16:10:00    1041168    ----a-w-    C:\windows\System32\drivers\aswsnx.sys
2014-07-19 16:09:58    93568    ----a-w-    C:\windows\System32\drivers\aswRdr2.sys
2014-07-11 03:22:26    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-11 03:22:26    699056    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33    519168    ----a-w-    C:\windows\System32\aepdu.dll
2014-06-30 02:04:49    424448    ----a-w-    C:\windows\System32\aeinv.dll
2014-06-19 01:06:55    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-06-19 01:06:24    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57    548352    ----a-w-    C:\windows\System32\vbscript.dll
2014-06-19 00:42:49    66048    ----a-w-    C:\windows\System32\iesetup.dll
2014-06-19 00:41:52    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16    83968    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-06-19 00:24:30    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-06-19 00:24:12    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-06-19 00:23:53    752640    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-06-19 00:14:28    940032    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04    38400    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38    5721088    ----a-w-    C:\windows\System32\jscript9.dll
2014-06-18 23:38:40    455168    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45    1249280    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-06-18 23:23:27    112128    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40    592896    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10    32256    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27    2266112    ----a-w-    C:\windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-06-18 22:46:23    1068032    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\windows\System32\win32k.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\windows\System32\schannel.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\windows\System32\drivers\afd.sys
2014-04-25 02:34:59    801280    ----a-w-    C:\windows\System32\usp10.dll
2014-04-25 02:06:17    626688    ----a-w-    C:\windows\SysWow64\usp10.dll
.
============= FINISH:  9:39:53.12 ===============
 




 


#2 lordquas15

lordquas15
  • Topic Starter

  • Members
  • 34 posts

Posted 23 July 2014 - 10:30 AM

As feared, Firefox crashes when I attempt to attach the file. This is a little different than what happens when attempting to attach in emails. In emails, Firefox stops responding as soon as the add file window appears. Here I am able to browse and select the file, and it is only after clicking "attach this file" that Firefox crashes. Since I can't attach the attach.txt, should I copy and paste it into the message?



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 July 2014 - 08:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#4 lordquas15

lordquas15
  • Topic Starter

  • Members
  • 34 posts

Posted 30 July 2014 - 08:56 AM

Thanks for your assistance.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/29/2014
Scan Time: 11:19:28 PM
Logfile: malware log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.30.02
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: bbleyer

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371115
Time Elapsed: 22 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-3481022763-886660274-1862456898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.yahoo.com/?type=903578&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (https://search.yahoo.com/?type=903578&fr=spigot-yhp-ie),Replaced,[a4fdd4cc2d4e0333ac79b9f5bc4803fd]

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Spigot.A, C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "https://search.yahoo.com/?type=903578&fr=spigot-yhp-ch" ],), Replaced,[2c756b35fc7fce68f9310ade4fb5b947]
PUP.Optional.Spigot.A, C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "https://search.yahoo.com/?type=903578&fr=spigot-yhp-ch",), Replaced,[1f825c445c1ffc3a5bd0f6f2d034ef11]

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v3.301 - Report created 30/07/2014 at 08:35:55
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : bbleyer - BBLEYER-PC
# Running from : C:\Users\bbleyer\Downloads\adwcleaner_3.301.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\prefs.js ]


[ File : C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\zjqw8kit.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2935 octets] - [18/07/2014 12:51:38]
AdwCleaner[R1].txt - [1335 octets] - [30/07/2014 08:34:06]
AdwCleaner[S0].txt - [2997 octets] - [18/07/2014 13:05:55]
AdwCleaner[S1].txt - [1260 octets] - [30/07/2014 08:35:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1320 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by bbleyer (administrator) on BBLEYER-PC on 30-07-2014 08:43:32
Running from C:\Users\bbleyer\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Spotify Ltd) C:\Users\bbleyer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-03-02] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [191784 2010-03-19] (Trend Micro Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-19] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\Run: [Google Update] => C:\Users\bbleyer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-13] (Google Inc.)
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\Run: [Spotify Web Helper] => C:\Users\bbleyer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-02] (Spotify Ltd)
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\MountPoints2: {389c1dd8-d016-11e0-8809-4025c240ccd0} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\MountPoints2: {9a82fc58-6992-11e3-a792-b870f463147d} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\MountPoints2: {9a82fc75-6992-11e3-a792-b870f463147d} - E:\MotorolaDeviceManagerSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKCU - {B8A81E3B-06B1-4366-AEE3-90055607064B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - {D8BBE4AB-1B03-495E-B5A2-E6E077E54376} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {D1C5F12B-9713-429C-B0D0-2D0ACD9D70F5} ->  No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A3D08F79-86E2-4021-9486-A349B92C382E}: [NameServer]208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Yahoo!
FF Homepage: duckduckgo.com
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\bbleyer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\bbleyer\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\bbleyer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\bbleyer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\bbleyer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\bbleyer\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\searchplugins\yahoo_ff.xml
FF Extension: ActiveGS - C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\Extensions\activegs@freetoolsassociation.com [2014-05-13]
FF Extension: Adblock Plus - C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-27]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-21]
CHR Extension: (avast! Online Security) - C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-21]
CHR Extension: (Google Wallet) - C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-24] (TOSHIBA Corporation) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-19] ()
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-29] (Malwarebytes Corporation)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2013-04-26] (CACE Technologies, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [66576 2010-02-07] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [135696 2010-02-07] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\SysWOW64\DRIVERS\tmcomm.sys [256904 2012-06-05] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [56336 2010-02-07] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [100368 2009-11-23] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 08:43 - 2014-07-30 08:44 - 00022945 _____ () C:\Users\bbleyer\Downloads\FRST.txt
2014-07-30 08:43 - 2014-07-30 08:43 - 00000000 ____D () C:\FRST
2014-07-30 08:40 - 2014-07-30 08:42 - 02093568 _____ (Farbar) C:\Users\bbleyer\Downloads\FRST64.exe
2014-07-30 08:32 - 2014-07-30 08:33 - 01365551 _____ () C:\Users\bbleyer\Downloads\adwcleaner_3.301.exe
2014-07-29 23:14 - 2014-07-29 23:19 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-29 23:14 - 2014-07-29 23:14 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-29 23:14 - 2014-07-29 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-29 23:14 - 2014-07-29 23:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 23:14 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-29 23:14 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-29 23:14 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-29 22:56 - 2014-07-29 22:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\bbleyer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-23 09:40 - 2014-07-23 09:40 - 00005662 _____ () C:\Users\bbleyer\Desktop\attach.txt
2014-07-23 09:40 - 2014-07-23 09:39 - 00024436 _____ () C:\Users\bbleyer\Desktop\dds.txt
2014-07-23 09:28 - 2014-07-23 09:28 - 00688992 ____R (Swearware) C:\Users\bbleyer\Downloads\dds(1).com
2014-07-23 09:26 - 2014-07-23 09:26 - 00688992 _____ (Swearware) C:\Users\bbleyer\Downloads\dds.com
2014-07-21 21:43 - 2014-07-21 21:43 - 01057672 _____ (Adobe) C:\Users\bbleyer\Downloads\install_reader11_en_mssd_aaa_aih(1).exe
2014-07-21 17:57 - 2014-07-21 17:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-21 17:46 - 2014-07-21 17:56 - 35594848 _____ (Skype Technologies S.A.) C:\Users\bbleyer\Downloads\SkypeSetupFull.exe
2014-07-21 17:21 - 2014-07-21 17:21 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-21 17:21 - 2014-07-21 17:21 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-21 17:13 - 2014-07-21 17:13 - 00284224 _____ (Mozilla) C:\Users\bbleyer\Downloads\Firefox Setup Stub 30.0 (1).exe
2014-07-21 17:12 - 2014-07-21 17:12 - 00284224 _____ (Mozilla) C:\Users\bbleyer\Downloads\Firefox Setup Stub 30.0.exe
2014-07-21 08:15 - 2014-07-21 08:15 - 00001130 _____ () C:\Users\bbleyer\Desktop\Continue Firefox Installation.lnk
2014-07-21 08:14 - 2014-07-21 08:14 - 00809320 _____ ( ) C:\Users\bbleyer\Downloads\FirefoxSetup.exe
2014-07-20 23:12 - 2014-07-20 23:12 - 00448512 _____ (OldTimer Tools) C:\Users\bbleyer\Downloads\TFC(1).exe
2014-07-20 23:08 - 2014-07-20 23:08 - 01057672 _____ (Adobe) C:\Users\bbleyer\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-07-19 11:09 - 2014-07-19 11:09 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-19 10:39 - 2014-07-19 10:39 - 00000788 _____ () C:\Users\bbleyer\Downloads\etsetscan.txt
2014-07-18 14:03 - 2014-07-18 14:03 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 14:01 - 2014-07-18 14:03 - 02347384 _____ (ESET) C:\Users\bbleyer\Downloads\esetsmartinstaller_enu(1).exe
2014-07-18 13:38 - 2014-07-18 13:38 - 00001949 _____ () C:\Users\bbleyer\Desktop\JRT.txt
2014-07-18 13:22 - 2014-07-18 13:22 - 01016261 _____ (Thisisu) C:\Users\bbleyer\Downloads\JRT(1).exe
2014-07-18 12:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-18 12:50 - 2014-07-30 08:35 - 00000000 ____D () C:\AdwCleaner
2014-07-18 12:49 - 2014-07-18 12:49 - 01354223 _____ () C:\Users\bbleyer\Downloads\AdwCleaner(1).exe
2014-07-18 12:45 - 2014-07-18 12:45 - 04161313 _____ () C:\Users\bbleyer\Downloads\tdsskiller.zip
2014-07-18 12:40 - 2014-07-18 12:41 - 00028646 _____ () C:\Users\bbleyer\Desktop\Result.txt
2014-07-18 12:35 - 2014-07-18 12:35 - 00401920 _____ (Farbar) C:\Users\bbleyer\Downloads\MiniToolBox(1).exe
2014-07-18 12:33 - 2014-07-18 12:34 - 00002360 _____ () C:\Users\bbleyer\Desktop\Rkill.txt
2014-07-18 12:33 - 2014-07-18 12:33 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\rkill.exe
2014-07-18 12:29 - 2014-07-18 12:29 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\rkill64.com
2014-07-17 23:03 - 2014-07-17 23:04 - 00001610 _____ () C:\Users\bbleyer\Desktop\FixExec.txt
2014-07-17 23:02 - 2014-07-17 23:02 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\FixExec.exe
2014-07-12 15:39 - 2014-07-12 15:39 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\Skype
2014-07-12 15:34 - 2014-07-12 15:34 - 01677928 _____ (Skype Technologies S.A.) C:\Users\bbleyer\Downloads\SkypeSetup(2).exe
2014-07-09 08:11 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 08:11 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 08:11 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 08:11 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 08:11 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 08:11 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 08:11 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 08:11 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 08:11 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 08:11 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 08:11 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 08:11 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 08:11 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 08:11 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 08:11 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 08:11 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 08:11 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 08:11 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 08:11 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 08:10 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 08:10 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 08:10 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 08:10 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 08:10 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 08:10 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 08:10 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 08:10 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 08:10 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 08:10 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 08:10 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 08:10 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 08:10 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 08:10 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 08:10 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 08:10 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 08:10 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 08:10 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 08:10 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 08:10 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 08:10 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 08:10 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 08:10 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 08:10 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 08:10 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 08:10 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 08:10 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 08:10 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 08:10 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 08:10 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 08:10 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 08:10 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 08:10 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 08:10 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 08:10 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 08:10 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 08:10 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 08:09 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 08:09 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 08:09 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 08:09 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 08:09 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 08:09 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 08:09 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 08:09 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 08:09 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 08:09 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 08:09 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 08:09 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 08:08 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 08:08 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 08:08 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 08:08 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 08:08 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 08:08 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 08:08 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 08:08 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 08:08 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 08:08 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 08:04 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 08:04 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 08:04 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-08 18:51 - 2014-07-10 22:21 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-03 11:04 - 2014-07-03 11:04 - 01850192 _____ (BitTorrent Inc.) C:\Users\bbleyer\Downloads\uTorrent(2).exe
2014-07-01 14:40 - 2014-07-01 14:40 - 00002109 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-07-01 14:40 - 2014-07-01 14:40 - 00002097 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Users\bbleyer\AppData\Roaming\Thunderbird
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\Thunderbird
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-01 14:36 - 2014-07-01 14:39 - 22157992 _____ (Mozilla) C:\Users\bbleyer\Downloads\Thunderbird Setup 24.6.0.exe
2014-07-01 14:21 - 2014-07-20 09:05 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-01 14:21 - 2014-07-01 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-01 14:14 - 2014-07-01 14:14 - 00895120 _____ (Google Inc.) C:\Users\bbleyer\Downloads\ChromeSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 08:44 - 2014-07-30 08:43 - 00022945 _____ () C:\Users\bbleyer\Downloads\FRST.txt
2014-07-30 08:43 - 2014-07-30 08:43 - 00000000 ____D () C:\FRST
2014-07-30 08:42 - 2014-07-30 08:40 - 02093568 _____ (Farbar) C:\Users\bbleyer\Downloads\FRST64.exe
2014-07-30 08:42 - 2009-07-14 00:13 - 00798284 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-30 08:41 - 2011-06-05 16:41 - 01223930 _____ () C:\windows\WindowsUpdate.log
2014-07-30 08:38 - 2013-04-26 11:08 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\NETGEARGenie
2014-07-30 08:38 - 2011-08-30 10:26 - 00000000 ____D () C:\temp
2014-07-30 08:38 - 2011-06-05 16:58 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 08:37 - 2013-04-03 13:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-30 08:37 - 2013-04-03 13:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 08:37 - 2010-11-20 22:47 - 00515112 _____ () C:\windows\PFRO.log
2014-07-30 08:37 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-30 08:37 - 2009-07-13 23:51 - 00070166 _____ () C:\windows\setupact.log
2014-07-30 08:35 - 2014-07-18 12:50 - 00000000 ____D () C:\AdwCleaner
2014-07-30 08:33 - 2014-07-30 08:32 - 01365551 _____ () C:\Users\bbleyer\Downloads\adwcleaner_3.301.exe
2014-07-30 08:29 - 2012-04-20 21:50 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\CrashDumps
2014-07-30 08:22 - 2012-05-13 20:36 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481022763-886660274-1862456898-1000UA.job
2014-07-30 08:22 - 2012-03-28 00:05 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-30 08:22 - 2011-06-05 16:58 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-30 00:02 - 2012-05-13 20:36 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481022763-886660274-1862456898-1000Core.job
2014-07-29 23:19 - 2014-07-29 23:14 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-29 23:14 - 2014-07-29 23:14 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-29 23:14 - 2014-07-29 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-29 23:14 - 2014-07-29 23:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 23:14 - 2012-11-05 21:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-29 22:59 - 2014-07-29 22:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\bbleyer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-28 11:48 - 2013-04-03 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 04:38 - 2012-11-01 21:57 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-07-24 09:45 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 09:45 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 09:35 - 2014-06-21 23:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 09:35 - 2012-11-02 15:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 09:40 - 2014-07-23 09:40 - 00005662 _____ () C:\Users\bbleyer\Desktop\attach.txt
2014-07-23 09:39 - 2014-07-23 09:40 - 00024436 _____ () C:\Users\bbleyer\Desktop\dds.txt
2014-07-23 09:28 - 2014-07-23 09:28 - 00688992 ____R (Swearware) C:\Users\bbleyer\Downloads\dds(1).com
2014-07-23 09:26 - 2014-07-23 09:26 - 00688992 _____ (Swearware) C:\Users\bbleyer\Downloads\dds.com
2014-07-21 21:43 - 2014-07-21 21:43 - 01057672 _____ (Adobe) C:\Users\bbleyer\Downloads\install_reader11_en_mssd_aaa_aih(1).exe
2014-07-21 17:58 - 2012-09-02 11:57 - 00000000 ____D () C:\Users\bbleyer\AppData\Roaming\Skype
2014-07-21 17:57 - 2014-07-21 17:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-21 17:57 - 2012-09-02 11:57 - 00000000 ____D () C:\ProgramData\Skype
2014-07-21 17:56 - 2014-07-21 17:46 - 35594848 _____ (Skype Technologies S.A.) C:\Users\bbleyer\Downloads\SkypeSetupFull.exe
2014-07-21 17:21 - 2014-07-21 17:21 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-21 17:21 - 2014-07-21 17:21 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-21 17:13 - 2014-07-21 17:13 - 00284224 _____ (Mozilla) C:\Users\bbleyer\Downloads\Firefox Setup Stub 30.0 (1).exe
2014-07-21 17:12 - 2014-07-21 17:12 - 00284224 _____ (Mozilla) C:\Users\bbleyer\Downloads\Firefox Setup Stub 30.0.exe
2014-07-21 08:15 - 2014-07-21 08:15 - 00001130 _____ () C:\Users\bbleyer\Desktop\Continue Firefox Installation.lnk
2014-07-21 08:14 - 2014-07-21 08:14 - 00809320 _____ ( ) C:\Users\bbleyer\Downloads\FirefoxSetup.exe
2014-07-20 23:12 - 2014-07-20 23:12 - 00448512 _____ (OldTimer Tools) C:\Users\bbleyer\Downloads\TFC(1).exe
2014-07-20 23:08 - 2014-07-20 23:08 - 01057672 _____ (Adobe) C:\Users\bbleyer\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-07-20 09:05 - 2014-07-01 14:21 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 11:10 - 2014-05-06 22:00 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-19 11:10 - 2014-01-11 21:24 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-07-19 11:10 - 2013-05-20 23:39 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-19 11:10 - 2013-05-20 23:39 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-19 11:10 - 2012-03-27 01:12 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-07-19 11:10 - 2012-03-27 01:12 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-19 11:10 - 2012-03-27 01:12 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-19 11:10 - 2012-03-27 01:12 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-19 11:10 - 2012-03-27 01:12 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-19 11:09 - 2014-07-19 11:09 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-19 11:09 - 2012-03-27 01:12 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-19 10:39 - 2014-07-19 10:39 - 00000788 _____ () C:\Users\bbleyer\Downloads\etsetscan.txt
2014-07-18 14:03 - 2014-07-18 14:03 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 14:03 - 2014-07-18 14:01 - 02347384 _____ (ESET) C:\Users\bbleyer\Downloads\esetsmartinstaller_enu(1).exe
2014-07-18 13:38 - 2014-07-18 13:38 - 00001949 _____ () C:\Users\bbleyer\Desktop\JRT.txt
2014-07-18 13:22 - 2014-07-18 13:22 - 01016261 _____ (Thisisu) C:\Users\bbleyer\Downloads\JRT(1).exe
2014-07-18 12:49 - 2014-07-18 12:49 - 01354223 _____ () C:\Users\bbleyer\Downloads\AdwCleaner(1).exe
2014-07-18 12:45 - 2014-07-18 12:45 - 04161313 _____ () C:\Users\bbleyer\Downloads\tdsskiller.zip
2014-07-18 12:41 - 2014-07-18 12:40 - 00028646 _____ () C:\Users\bbleyer\Desktop\Result.txt
2014-07-18 12:38 - 2012-11-04 01:07 - 00037088 _____ () C:\Users\bbleyer\Downloads\Result.txt
2014-07-18 12:35 - 2014-07-18 12:35 - 00401920 _____ (Farbar) C:\Users\bbleyer\Downloads\MiniToolBox(1).exe
2014-07-18 12:34 - 2014-07-18 12:33 - 00002360 _____ () C:\Users\bbleyer\Desktop\Rkill.txt
2014-07-18 12:33 - 2014-07-18 12:33 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\rkill.exe
2014-07-18 12:29 - 2014-07-18 12:29 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\rkill64.com
2014-07-17 23:04 - 2014-07-17 23:03 - 00001610 _____ () C:\Users\bbleyer\Desktop\FixExec.txt
2014-07-17 23:02 - 2014-07-17 23:02 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\FixExec.exe
2014-07-17 22:23 - 2012-06-19 17:01 - 00000000 ____D () C:\Users\bbleyer\AppData\Roaming\Spotify
2014-07-15 19:32 - 2012-06-19 17:05 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\Spotify
2014-07-12 19:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-07-12 15:39 - 2014-07-12 15:39 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\Skype
2014-07-12 15:34 - 2014-07-12 15:34 - 01677928 _____ (Skype Technologies S.A.) C:\Users\bbleyer\Downloads\SkypeSetup(2).exe
2014-07-11 08:47 - 2009-07-13 23:45 - 00275712 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 08:44 - 2014-05-07 17:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 08:44 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 08:44 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-11 08:44 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-11 08:43 - 2011-08-30 10:57 - 00000000 ____D () C:\Users\bbleyer\AppData\Roaming\SoftGrid Client
2014-07-10 22:28 - 2013-08-03 10:38 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 22:25 - 2011-08-30 11:06 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-10 22:22 - 2012-03-28 00:05 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 22:22 - 2012-03-28 00:05 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 22:22 - 2012-03-28 00:05 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 22:21 - 2014-07-08 18:51 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-03 11:04 - 2014-07-03 11:04 - 01850192 _____ (BitTorrent Inc.) C:\Users\bbleyer\Downloads\uTorrent(2).exe
2014-07-01 14:40 - 2014-07-01 14:40 - 00002109 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-07-01 14:40 - 2014-07-01 14:40 - 00002097 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Users\bbleyer\AppData\Roaming\Thunderbird
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\Thunderbird
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-01 14:39 - 2014-07-01 14:36 - 22157992 _____ (Mozilla) C:\Users\bbleyer\Downloads\Thunderbird Setup 24.6.0.exe
2014-07-01 14:21 - 2014-07-01 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-01 14:21 - 2011-06-05 16:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-01 14:14 - 2014-07-01 14:14 - 00895120 _____ (Google Inc.) C:\Users\bbleyer\Downloads\ChromeSetup.exe

Some content of TEMP:
====================
C:\Users\bbleyer\AppData\Local\Temp\ICReinstall_FirefoxSetup.exe
C:\Users\bbleyer\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-29 23:59

==================== End Of Log ============================



#5 lordquas15

  • Topic Starter
  • Members

Posted 30 July 2014 - 09:36 AM

I am unable to attach the addition.txt file as Firefox crashes whenever I try to upload the file. I also tried to open Spotify and it crashed, thus the same problems seem to persist.

**edit** I meant to say "Skype" not Spotify.


Edited by lordquas15, 30 July 2014 - 12:06 PM.


#6 nasdaq

  • Malware Response Team

Posted 30 July 2014 - 12:57 PM

# AdwCleaner v3.301 - Report created 30/07/2014 at 08:35:55
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : bbleyer - BBLEYER-PC
# Running from : C:\Users\bbleyer\Downloads\adwcleaner_3.301.exe


You are running an old version of the AdwCleaner tool.
It's also located in the Download folder.
==

Remove that version.

Get the latest version from this site: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Place the file on your Desktop.
Run the application normally and remove all the items found.


Post a fresh FRST log for my review.
===

Have you tried to remove Skype and re-install the application?

Edited by nasdaq, 30 July 2014 - 12:58 PM.


#7 lordquas15

  • Topic Starter
  • Members

Posted 30 July 2014 - 01:49 PM

Ok, I re-downloaded AdwCleaner from the link you listed. As far as I can tell it's the exact same version I ran earlier. You only mention wanting the FRST log but I am going to post the latest AdwCleaner log in case you need that also. I have uninstalled and re-installed Skype, Firefox, Chrome, and uTorrent all multiple times with no changes in their behaviors.

# AdwCleaner v3.301 - Report created 30/07/2014 at 13:27:05
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : bbleyer - BBLEYER-PC
# Running from : C:\Users\bbleyer\Desktop\adwcleaner_3.301.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\prefs.js ]


[ File : C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\zjqw8kit.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2935 octets] - [18/07/2014 12:51:38]
AdwCleaner[R1].txt - [1335 octets] - [30/07/2014 08:34:06]
AdwCleaner[R2].txt - [1311 octets] - [30/07/2014 13:24:27]
AdwCleaner[S0].txt - [2997 octets] - [18/07/2014 13:05:55]
AdwCleaner[S1].txt - [1400 octets] - [30/07/2014 08:35:55]
AdwCleaner[S2].txt - [1232 octets] - [30/07/2014 13:27:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1292 octets] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by bbleyer (administrator) on BBLEYER-PC on 30-07-2014 13:38:34
Running from C:\Users\bbleyer\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Spotify Ltd) C:\Users\bbleyer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-03-02] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [191784 2010-03-19] (Trend Micro Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-19] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\Run: [Google Update] => C:\Users\bbleyer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-13] (Google Inc.)
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\Run: [Spotify Web Helper] => C:\Users\bbleyer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-02] (Spotify Ltd)
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\MountPoints2: {389c1dd8-d016-11e0-8809-4025c240ccd0} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\MountPoints2: {9a82fc58-6992-11e3-a792-b870f463147d} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3481022763-886660274-1862456898-1000\...\MountPoints2: {9a82fc75-6992-11e3-a792-b870f463147d} - E:\MotorolaDeviceManagerSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKCU - {B8A81E3B-06B1-4366-AEE3-90055607064B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - {D8BBE4AB-1B03-495E-B5A2-E6E077E54376} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {D1C5F12B-9713-429C-B0D0-2D0ACD9D70F5} ->  No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A3D08F79-86E2-4021-9486-A349B92C382E}: [NameServer]208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Yahoo!
FF Homepage: duckduckgo.com
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\bbleyer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\bbleyer\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\bbleyer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\bbleyer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\bbleyer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\bbleyer\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\searchplugins\yahoo_ff.xml
FF Extension: ActiveGS - C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\Extensions\activegs@freetoolsassociation.com [2014-05-13]
FF Extension: Adblock Plus - C:\Users\bbleyer\AppData\Roaming\Mozilla\Firefox\Profiles\h7nz3r4a.default-1392692074758\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-27]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-21]
CHR Extension: (avast! Online Security) - C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-21]
CHR Extension: (Google Wallet) - C:\Users\bbleyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-24] (TOSHIBA Corporation) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-19] ()
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-29] (Malwarebytes Corporation)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2013-04-26] (CACE Technologies, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [66576 2010-02-07] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [135696 2010-02-07] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\SysWOW64\DRIVERS\tmcomm.sys [256904 2012-06-05] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [56336 2010-02-07] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [100368 2009-11-23] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 13:38 - 2014-07-30 13:38 - 00022943 _____ () C:\Users\bbleyer\Desktop\FRST.txt
2014-07-30 13:21 - 2014-07-30 13:21 - 01365551 _____ () C:\Users\bbleyer\Desktop\adwcleaner_3.301.exe
2014-07-30 08:45 - 2014-07-30 09:00 - 00037157 _____ () C:\Users\bbleyer\Downloads\Addition.txt
2014-07-30 08:43 - 2014-07-30 13:38 - 00000000 ____D () C:\FRST
2014-07-30 08:40 - 2014-07-30 08:42 - 02093568 _____ (Farbar) C:\Users\bbleyer\Desktop\FRST64.exe
2014-07-29 23:14 - 2014-07-29 23:19 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-29 23:14 - 2014-07-29 23:14 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-29 23:14 - 2014-07-29 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-29 23:14 - 2014-07-29 23:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 23:14 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-29 23:14 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-29 23:14 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-29 22:56 - 2014-07-29 22:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\bbleyer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-23 09:40 - 2014-07-23 09:40 - 00005662 _____ () C:\Users\bbleyer\Desktop\attach.txt
2014-07-23 09:40 - 2014-07-23 09:39 - 00024436 _____ () C:\Users\bbleyer\Desktop\dds.txt
2014-07-23 09:28 - 2014-07-23 09:28 - 00688992 ____R (Swearware) C:\Users\bbleyer\Downloads\dds(1).com
2014-07-23 09:26 - 2014-07-23 09:26 - 00688992 _____ (Swearware) C:\Users\bbleyer\Downloads\dds.com
2014-07-21 21:43 - 2014-07-21 21:43 - 01057672 _____ (Adobe) C:\Users\bbleyer\Downloads\install_reader11_en_mssd_aaa_aih(1).exe
2014-07-21 17:57 - 2014-07-21 17:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-21 17:46 - 2014-07-21 17:56 - 35594848 _____ (Skype Technologies S.A.) C:\Users\bbleyer\Downloads\SkypeSetupFull.exe
2014-07-21 17:21 - 2014-07-21 17:21 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-21 17:21 - 2014-07-21 17:21 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-21 17:13 - 2014-07-21 17:13 - 00284224 _____ (Mozilla) C:\Users\bbleyer\Downloads\Firefox Setup Stub 30.0 (1).exe
2014-07-21 17:12 - 2014-07-21 17:12 - 00284224 _____ (Mozilla) C:\Users\bbleyer\Downloads\Firefox Setup Stub 30.0.exe
2014-07-21 08:15 - 2014-07-21 08:15 - 00001130 _____ () C:\Users\bbleyer\Desktop\Continue Firefox Installation.lnk
2014-07-21 08:14 - 2014-07-21 08:14 - 00809320 _____ ( ) C:\Users\bbleyer\Downloads\FirefoxSetup.exe
2014-07-20 23:12 - 2014-07-20 23:12 - 00448512 _____ (OldTimer Tools) C:\Users\bbleyer\Downloads\TFC(1).exe
2014-07-20 23:08 - 2014-07-20 23:08 - 01057672 _____ (Adobe) C:\Users\bbleyer\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-07-19 11:09 - 2014-07-19 11:09 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-19 10:39 - 2014-07-19 10:39 - 00000788 _____ () C:\Users\bbleyer\Downloads\etsetscan.txt
2014-07-18 14:03 - 2014-07-18 14:03 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 14:01 - 2014-07-18 14:03 - 02347384 _____ (ESET) C:\Users\bbleyer\Downloads\esetsmartinstaller_enu(1).exe
2014-07-18 13:38 - 2014-07-18 13:38 - 00001949 _____ () C:\Users\bbleyer\Desktop\JRT.txt
2014-07-18 13:22 - 2014-07-18 13:22 - 01016261 _____ (Thisisu) C:\Users\bbleyer\Downloads\JRT(1).exe
2014-07-18 12:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-18 12:50 - 2014-07-30 13:27 - 00000000 ____D () C:\AdwCleaner
2014-07-18 12:45 - 2014-07-18 12:45 - 04161313 _____ () C:\Users\bbleyer\Downloads\tdsskiller.zip
2014-07-18 12:40 - 2014-07-18 12:41 - 00028646 _____ () C:\Users\bbleyer\Desktop\Result.txt
2014-07-18 12:35 - 2014-07-18 12:35 - 00401920 _____ (Farbar) C:\Users\bbleyer\Downloads\MiniToolBox(1).exe
2014-07-18 12:33 - 2014-07-18 12:34 - 00002360 _____ () C:\Users\bbleyer\Desktop\Rkill.txt
2014-07-18 12:33 - 2014-07-18 12:33 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\rkill.exe
2014-07-18 12:29 - 2014-07-18 12:29 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\rkill64.com
2014-07-17 23:03 - 2014-07-17 23:04 - 00001610 _____ () C:\Users\bbleyer\Desktop\FixExec.txt
2014-07-17 23:02 - 2014-07-17 23:02 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\FixExec.exe
2014-07-12 15:39 - 2014-07-12 15:39 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\Skype
2014-07-12 15:34 - 2014-07-12 15:34 - 01677928 _____ (Skype Technologies S.A.) C:\Users\bbleyer\Downloads\SkypeSetup(2).exe
2014-07-09 08:11 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 08:11 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 08:11 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 08:11 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 08:11 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 08:11 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 08:11 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 08:11 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 08:11 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 08:11 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 08:11 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 08:11 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 08:11 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 08:11 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 08:11 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 08:11 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 08:11 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 08:11 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 08:11 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 08:10 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 08:10 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 08:10 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 08:10 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 08:10 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 08:10 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 08:10 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 08:10 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 08:10 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 08:10 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 08:10 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 08:10 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 08:10 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 08:10 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 08:10 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 08:10 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 08:10 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 08:10 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 08:10 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 08:10 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 08:10 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 08:10 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 08:10 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 08:10 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 08:10 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 08:10 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 08:10 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 08:10 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 08:10 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 08:10 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 08:10 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 08:10 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 08:10 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 08:10 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 08:10 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 08:10 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 08:10 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 08:09 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 08:09 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 08:09 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 08:09 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 08:09 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 08:09 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 08:09 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 08:09 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 08:09 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 08:09 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 08:09 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 08:09 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 08:08 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 08:08 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 08:08 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 08:08 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 08:08 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 08:08 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 08:08 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 08:08 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 08:08 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 08:08 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 08:04 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 08:04 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 08:04 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-08 18:51 - 2014-07-10 22:21 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-03 11:04 - 2014-07-03 11:04 - 01850192 _____ (BitTorrent Inc.) C:\Users\bbleyer\Downloads\uTorrent(2).exe
2014-07-01 14:40 - 2014-07-01 14:40 - 00002109 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-07-01 14:40 - 2014-07-01 14:40 - 00002097 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Users\bbleyer\AppData\Roaming\Thunderbird
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\Thunderbird
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-01 14:36 - 2014-07-01 14:39 - 22157992 _____ (Mozilla) C:\Users\bbleyer\Downloads\Thunderbird Setup 24.6.0.exe
2014-07-01 14:21 - 2014-07-20 09:05 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-01 14:21 - 2014-07-01 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-01 14:14 - 2014-07-01 14:14 - 00895120 _____ (Google Inc.) C:\Users\bbleyer\Downloads\ChromeSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 13:39 - 2014-07-30 13:38 - 00022943 _____ () C:\Users\bbleyer\Desktop\FRST.txt
2014-07-30 13:38 - 2014-07-30 08:43 - 00000000 ____D () C:\FRST
2014-07-30 13:35 - 2009-07-14 00:13 - 00798284 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-30 13:35 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-30 13:35 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-30 13:28 - 2011-08-30 10:26 - 00000000 ____D () C:\temp
2014-07-30 13:28 - 2011-06-05 16:58 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 13:28 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-30 13:27 - 2014-07-18 12:50 - 00000000 ____D () C:\AdwCleaner
2014-07-30 13:27 - 2011-06-05 16:41 - 01232178 _____ () C:\windows\WindowsUpdate.log
2014-07-30 13:27 - 2010-11-20 22:47 - 00515426 _____ () C:\windows\PFRO.log
2014-07-30 13:27 - 2009-07-13 23:51 - 00070222 _____ () C:\windows\setupact.log
2014-07-30 13:21 - 2014-07-30 13:21 - 01365551 _____ () C:\Users\bbleyer\Desktop\adwcleaner_3.301.exe
2014-07-30 13:20 - 2011-06-05 16:58 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-30 13:19 - 2012-03-28 00:05 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-30 13:02 - 2012-05-13 20:36 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481022763-886660274-1862456898-1000UA.job
2014-07-30 09:06 - 2012-04-20 21:50 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\CrashDumps
2014-07-30 09:00 - 2014-07-30 08:45 - 00037157 _____ () C:\Users\bbleyer\Downloads\Addition.txt
2014-07-30 08:42 - 2014-07-30 08:40 - 02093568 _____ (Farbar) C:\Users\bbleyer\Desktop\FRST64.exe
2014-07-30 08:38 - 2013-04-26 11:08 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\NETGEARGenie
2014-07-30 08:37 - 2013-04-03 13:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-30 08:37 - 2013-04-03 13:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 00:02 - 2012-05-13 20:36 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481022763-886660274-1862456898-1000Core.job
2014-07-29 23:19 - 2014-07-29 23:14 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-29 23:14 - 2014-07-29 23:14 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-29 23:14 - 2014-07-29 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-29 23:14 - 2014-07-29 23:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 23:14 - 2012-11-05 21:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-29 22:59 - 2014-07-29 22:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\bbleyer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-28 11:48 - 2013-04-03 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 04:38 - 2012-11-01 21:57 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-07-24 09:35 - 2014-06-21 23:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 09:35 - 2012-11-02 15:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 09:40 - 2014-07-23 09:40 - 00005662 _____ () C:\Users\bbleyer\Desktop\attach.txt
2014-07-23 09:39 - 2014-07-23 09:40 - 00024436 _____ () C:\Users\bbleyer\Desktop\dds.txt
2014-07-23 09:28 - 2014-07-23 09:28 - 00688992 ____R (Swearware) C:\Users\bbleyer\Downloads\dds(1).com
2014-07-23 09:26 - 2014-07-23 09:26 - 00688992 _____ (Swearware) C:\Users\bbleyer\Downloads\dds.com
2014-07-21 21:43 - 2014-07-21 21:43 - 01057672 _____ (Adobe) C:\Users\bbleyer\Downloads\install_reader11_en_mssd_aaa_aih(1).exe
2014-07-21 17:58 - 2012-09-02 11:57 - 00000000 ____D () C:\Users\bbleyer\AppData\Roaming\Skype
2014-07-21 17:57 - 2014-07-21 17:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-21 17:57 - 2012-09-02 11:57 - 00000000 ____D () C:\ProgramData\Skype
2014-07-21 17:56 - 2014-07-21 17:46 - 35594848 _____ (Skype Technologies S.A.) C:\Users\bbleyer\Downloads\SkypeSetupFull.exe
2014-07-21 17:21 - 2014-07-21 17:21 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-21 17:21 - 2014-07-21 17:21 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-21 17:13 - 2014-07-21 17:13 - 00284224 _____ (Mozilla) C:\Users\bbleyer\Downloads\Firefox Setup Stub 30.0 (1).exe
2014-07-21 17:12 - 2014-07-21 17:12 - 00284224 _____ (Mozilla) C:\Users\bbleyer\Downloads\Firefox Setup Stub 30.0.exe
2014-07-21 08:15 - 2014-07-21 08:15 - 00001130 _____ () C:\Users\bbleyer\Desktop\Continue Firefox Installation.lnk
2014-07-21 08:14 - 2014-07-21 08:14 - 00809320 _____ ( ) C:\Users\bbleyer\Downloads\FirefoxSetup.exe
2014-07-20 23:12 - 2014-07-20 23:12 - 00448512 _____ (OldTimer Tools) C:\Users\bbleyer\Downloads\TFC(1).exe
2014-07-20 23:08 - 2014-07-20 23:08 - 01057672 _____ (Adobe) C:\Users\bbleyer\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-07-20 09:05 - 2014-07-01 14:21 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 11:10 - 2014-05-06 22:00 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-19 11:10 - 2014-01-11 21:24 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-07-19 11:10 - 2013-05-20 23:39 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-19 11:10 - 2013-05-20 23:39 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-19 11:10 - 2012-03-27 01:12 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-07-19 11:10 - 2012-03-27 01:12 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-19 11:10 - 2012-03-27 01:12 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-19 11:10 - 2012-03-27 01:12 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-19 11:10 - 2012-03-27 01:12 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-19 11:09 - 2014-07-19 11:09 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-19 11:09 - 2012-03-27 01:12 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-19 10:39 - 2014-07-19 10:39 - 00000788 _____ () C:\Users\bbleyer\Downloads\etsetscan.txt
2014-07-18 14:03 - 2014-07-18 14:03 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 14:03 - 2014-07-18 14:01 - 02347384 _____ (ESET) C:\Users\bbleyer\Downloads\esetsmartinstaller_enu(1).exe
2014-07-18 13:38 - 2014-07-18 13:38 - 00001949 _____ () C:\Users\bbleyer\Desktop\JRT.txt
2014-07-18 13:22 - 2014-07-18 13:22 - 01016261 _____ (Thisisu) C:\Users\bbleyer\Downloads\JRT(1).exe
2014-07-18 12:45 - 2014-07-18 12:45 - 04161313 _____ () C:\Users\bbleyer\Downloads\tdsskiller.zip
2014-07-18 12:41 - 2014-07-18 12:40 - 00028646 _____ () C:\Users\bbleyer\Desktop\Result.txt
2014-07-18 12:38 - 2012-11-04 01:07 - 00037088 _____ () C:\Users\bbleyer\Downloads\Result.txt
2014-07-18 12:35 - 2014-07-18 12:35 - 00401920 _____ (Farbar) C:\Users\bbleyer\Downloads\MiniToolBox(1).exe
2014-07-18 12:34 - 2014-07-18 12:33 - 00002360 _____ () C:\Users\bbleyer\Desktop\Rkill.txt
2014-07-18 12:33 - 2014-07-18 12:33 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\rkill.exe
2014-07-18 12:29 - 2014-07-18 12:29 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\rkill64.com
2014-07-17 23:04 - 2014-07-17 23:03 - 00001610 _____ () C:\Users\bbleyer\Desktop\FixExec.txt
2014-07-17 23:02 - 2014-07-17 23:02 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\bbleyer\Downloads\FixExec.exe
2014-07-17 22:23 - 2012-06-19 17:01 - 00000000 ____D () C:\Users\bbleyer\AppData\Roaming\Spotify
2014-07-15 19:32 - 2012-06-19 17:05 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\Spotify
2014-07-12 19:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-07-12 15:39 - 2014-07-12 15:39 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\Skype
2014-07-12 15:34 - 2014-07-12 15:34 - 01677928 _____ (Skype Technologies S.A.) C:\Users\bbleyer\Downloads\SkypeSetup(2).exe
2014-07-11 08:47 - 2009-07-13 23:45 - 00275712 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 08:44 - 2014-05-07 17:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 08:44 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 08:44 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-11 08:44 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-11 08:43 - 2011-08-30 10:57 - 00000000 ____D () C:\Users\bbleyer\AppData\Roaming\SoftGrid Client
2014-07-10 22:28 - 2013-08-03 10:38 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 22:25 - 2011-08-30 11:06 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-10 22:22 - 2012-03-28 00:05 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 22:22 - 2012-03-28 00:05 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 22:22 - 2012-03-28 00:05 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 22:21 - 2014-07-08 18:51 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-03 11:04 - 2014-07-03 11:04 - 01850192 _____ (BitTorrent Inc.) C:\Users\bbleyer\Downloads\uTorrent(2).exe
2014-07-01 14:40 - 2014-07-01 14:40 - 00002109 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-07-01 14:40 - 2014-07-01 14:40 - 00002097 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Users\bbleyer\AppData\Roaming\Thunderbird
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Users\bbleyer\AppData\Local\Thunderbird
2014-07-01 14:40 - 2014-07-01 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-01 14:39 - 2014-07-01 14:36 - 22157992 _____ (Mozilla) C:\Users\bbleyer\Downloads\Thunderbird Setup 24.6.0.exe
2014-07-01 14:21 - 2014-07-01 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-01 14:21 - 2011-06-05 16:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-01 14:14 - 2014-07-01 14:14 - 00895120 _____ (Google Inc.) C:\Users\bbleyer\Downloads\ChromeSetup.exe

Some content of TEMP:
====================
C:\Users\bbleyer\AppData\Local\Temp\ICReinstall_FirefoxSetup.exe
C:\Users\bbleyer\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-29 23:59

==================== End Of Log ============================



#8 nasdaq

  • Malware Response Team

Posted 31 July 2014 - 06:57 AM


I re-downloaded adwcleaner from the link you listed. As far as I can tell it's the exact same version I ran earlier

Thank you, I will check with the owner of the tool.
===

Nothing suspicious was found in your FRST log. This is just a cleanup.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM\...\Run: [] => [X]
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: No Name -> {D1C5F12B-9713-429C-B0D0-2D0ACD9D70F5} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Homepage: duckduckgo.com
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [X]

end

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

====

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

#9 lordquas15


Posted 31 July 2014 - 10:26 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 01
Ran by bbleyer at 2014-07-31 09:21:19 Run:1
Running from C:\Users\bbleyer\Desktop\Farbar
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM\...\Run: [] => [X]
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: No Name -> {D1C5F12B-9713-429C-B0D0-2D0ACD9D70F5} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Homepage: duckduckgo.com
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [X]

end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1C5F12B-9713-429C-B0D0-2D0ACD9D70F5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D1C5F12B-9713-429C-B0D0-2D0ACD9D70F5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
Firefox homepage deleted successfully.
"HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
"C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll" => not found.
"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File" => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
Amsp => Service deleted successfully.

==== End of Fixlog ====

 

 

RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : bbleyer [Admin rights]
Mode : Remove -- Date : 07/31/2014  10:22:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 15 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\DRIVERS\LPCFilter.sys)
[EAT:Addr] (explorer.exe) ksuser.dll - Acquire : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74875e50
[EAT:Addr] (explorer.exe) ksuser.dll - DllCanUnloadNow : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x748716e0
[EAT:Addr] (explorer.exe) ksuser.dll - DllGetClassObject : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74871630
[EAT:Addr] (explorer.exe) ksuser.dll - Release : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74875e80
[EAT:Addr] (explorer.exe) ksuser.dll - aswGetAtlStrFromCache : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74876ac0
[EAT:Addr] (explorer.exe) ksuser.dll - aswGetIntFromCache : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74876d30
[EAT:Addr] (explorer.exe) ksuser.dll - aswGetStrFromCache : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74876910
[EAT:Addr] (explorer.exe) ksuser.dll - aswGetTaskPropertyEx : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74876f60
[EAT:Addr] (explorer.exe) ksuser.dll - aswGetTaskPropertyIntEx : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74877110
[EAT:Addr] (explorer.exe) ksuser.dll - aswPropertyFreeLibrary : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74876860
[EAT:Addr] (explorer.exe) ksuser.dll - aswPropertyInitLibrary : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74876850
[EAT:Addr] (explorer.exe) ksuser.dll - aswRegisterDataFolderEvent : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x748768e0
[EAT:Addr] (explorer.exe) ksuser.dll - aswSetTaskPropertyEx : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74877190
[EAT:Addr] (explorer.exe) ksuser.dll - aswSetTaskPropertyIntEx : C:\Program Files\AVAST Software\Avast\ashShA64.dll @ 0x74877340

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6476GSXN +++++
--- User ---
[MBR] b8804eb13f2b03ef79e221133212af7b
[BSP] cf81b80618fd166be3ab24b66ded586c : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 594520 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1220651008 | Size: 14459 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_07312014_102056.log



#10 nasdaq


Posted 31 July 2014 - 12:39 PM


If you are still having problems, try these fixes.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with:
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If that fails to remove the Redirects try this.
...

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?

#11 lordquas15


Posted 31 July 2014 - 11:23 PM

Same issues; Internet Explorer crashes on launch, Firefox and Chrome stop working, Skype crashes on launch.



#12 nasdaq


Posted 01 August 2014 - 10:13 AM

Create a new profile and install Firefox and Chrome.

http://www.bleepingcomputer.com/tutorials/create-new-user-account-in-windows-vista-7/

How is it now?

#13 lordquas15


Posted 02 August 2014 - 10:04 PM

Same issues.



#14 nasdaq


Posted 03 August 2014 - 06:32 AM

If you have CD Emulator software (Daemon Tools, Alcohol, etc.) installed, the drivers this software uses can interfere with the Anti-Rootkit tools we use. These interferences can take a few forms, like GMER crashing or causing BSODs, or Rootkit scans producing large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious Rootkits and the legitimate drivers used by CD Emulators.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
  • IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

    HOW TO: Enable the CD Emulators... < restore only when we are finished.

    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.
    ===

    Now run these tools and post the logs.

    Read carefully and follow these steps.
    TDSS
    • Download TDSSKiller and save it to your Desktop.
    • Double-click on TDSSKiller.exe to run the application.
    • Then click on Start Scan.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.

    • If an infected file is detected, the default action will be Cure, click on Continue.
    • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    ===

    Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
    • Click the "Scan" button to start scan.
    • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
    • Please paste the contents of that log in your next reply.
    There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
    ===


#15 nasdaq


Posted 08 August 2014 - 07:23 AM

Are you still with me?



