
manifest.json based virus - am I clean now?


  • This topic is locked
21 replies to this topic

#1 BobintheBox


Posted 20 November 2014 - 02:15 AM

Found a virus running on my system. Some sort of manifest.json javascript based virus. Manually removed it to the best of my ability. I don't know what it was, so I posted in the other forum to try to get help with that. See this post for more details on what I found and did.

 

My system seems to be normal... but I am wondering if I am actually clean now.

 

--

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16584  BrowserJavaVersion: 11.25.2
Run by bss at 1:53:38 on 2014-11-20
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3581.2727 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uProxyServer = localhost:8080
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WebCGMHlprObj Class: {56B38F40-4E70-11d4-A076-0080AD86BA2F} - c:\windows\system32\cgmopenbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
uRun: [TOSCDSPD] TOSCDSPD.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDrivesInSendToMenu = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 4.2.2.2 4.2.2.1
TCP: Interfaces\{20EF9E06-EF1F-4D7F-B446-61FFF790AD93} : DHCPNameServer = 4.2.2.2 4.2.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bss\appdata\roaming\mozilla\firefox\profiles\bzwp3hwx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20121013045414872&tb_oid=13-10-2012&tb_mrud=13-10-2012
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - ttp://www.google.com/search?&q=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-3 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-3 206248]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2012-10-11 752128]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-6 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-2-6 422760]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2011-7-6 20384]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-3 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-6 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-6 50344]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2014-11-19 218192]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2014-11-19 3192344]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2011-8-1 45288]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2012-10-11 167968]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2011-7-6 954368]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2014-10-14 19968]
S4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2012-10-11 3246040]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2012-5-10 539744]
S4 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-12-31 122000]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
.
=============== File Associations ===============
.
FileExt: .txt: UltraEdit.txt="c:\program files\idm computer solutions\ultraedit\Uedit32.exe" "%1" [UserChoice]
FileExt: .ini: UltraEdit.ini="c:\program files\idm computer solutions\ultraedit\Uedit32.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-11-19 14:44:43    --------    d-----w-    c:\windows\system32\vbox
2014-11-19 14:12:51    43152    ----a-w-    c:\windows\avastSS.scr
2014-11-19 05:11:00    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-11-19 05:10:51    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-11-19 04:08:20    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-19 04:06:16    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-19 04:06:16    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-19 04:06:16    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-19 04:06:16    --------    d-----w-    c:\programdata\Malwarebytes
2014-11-19 04:06:16    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
.
==================== Find3M  ====================
.
2014-11-19 14:12:52    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-11-19 14:12:52    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-11-19 14:12:52    206248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-11-19 14:12:51    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-11-19 14:12:32    787800    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-11-01 02:38:31    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-10-15 04:47:45    979456    ----a-w-    c:\windows\system32\MFH264Dec.dll
2014-10-15 04:46:01    4096    ----a-w-    c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2014-10-15 04:46:00    974848    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-10-15 04:46:00    519680    ----a-w-    c:\windows\system32\d3d11.dll
2014-10-15 04:46:00    369664    ----a-w-    c:\windows\system32\WMPhoto.dll
2014-10-15 04:46:00    321024    ----a-w-    c:\windows\system32\PhotoMetadataHandler.dll
2014-10-15 04:46:00    252928    ----a-w-    c:\windows\system32\dxdiag.exe
2014-10-15 04:46:00    195584    ----a-w-    c:\windows\system32\dxdiagn.dll
2014-10-15 04:46:00    189440    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-09-27 23:29:58    2054656    ----a-w-    c:\windows\system32\win32k.sys
2014-09-16 16:56:02    66560    ----a-w-    c:\windows\system32\packager.dll
2014-09-04 23:27:58    143360    ----a-w-    c:\windows\system32\drivers\fastfat.sys
2014-08-23 01:03:46    297984    ----a-w-    c:\windows\system32\gdi32.dll
2012-12-13 05:56:54    302    ----a-w-    c:\program files\temp995.bat
.
============= FINISH:  1:55:01.96 ===============
 



Edited by BobintheBox, 20 November 2014 - 02:23 AM.



#2 HelpBot


Posted 25 November 2014 - 02:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556919 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!


Posted 27 November 2014 - 09:17 AM

Greetings BobintheBox and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!


Posted 30 November 2014 - 03:19 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 BobintheBox


Posted 01 December 2014 - 02:50 PM

As requested...FRST.txt and Addition.txt below. 
 
There is no "Attach" button in the Reply feature that I can find (unlike in the New Topic feature where there's a big button at the bottom). The link you provided for help i.e. "attach the file" leads to a missing graphic.  If you can tell me how to attach to a reply or point me to a help page (I could not find any info on attaching), I will attach Summary.nfc.
 
 
 
-----------------
FRST.txt
-----------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2014
Ran by bss (administrator) on TOSHIBA-OLDEST on 01-12-2014 13:59:50
Running from C:\Users\bss\Desktop
Loaded Profile: bss (Available profiles: bss & lel & Screen User & Administrator)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\MDM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\ntvdm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\Jumpstart\jswtrayutil.exe"
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\...\Policies\Explorer: [NoDrivesInSendToMenu] 1
HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\...\MountPoints2: {717c1775-7cf7-11e2-8968-b856b50c5dbd} - F:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2090475765-3295667832-4244984891-1000] => localhost:8080
HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20121013045414872&tb_oid=13-10-2012&tb_mrud=13-10-2012
SearchScopes: HKLM -> {38BA93F0-B10D-4527-BFB6-45D0DC65DB2C} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20121013045414872&tb_oid=13-10-2012&tb_mrud=13-10-2012
SearchScopes: HKU\S-1-5-21-2090475765-3295667832-4244984891-1000 -> DefaultScope {38BA93F0-B10D-4527-BFB6-45D0DC65DB2C} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};&rlz=1I7TSHB_en
SearchScopes: HKU\S-1-5-21-2090475765-3295667832-4244984891-1000 -> {327e83ab-d095-4616-88d1-9e087d0557c3} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=bu10aiminstabie7
SearchScopes: HKU\S-1-5-21-2090475765-3295667832-4244984891-1000 -> {38BA93F0-B10D-4527-BFB6-45D0DC65DB2C} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};&rlz=1I7TSHB_en
SearchScopes: HKU\S-1-5-21-2090475765-3295667832-4244984891-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20121013045414872&tb_oid=13-10-2012&tb_mrud=13-10-2012
SearchScopes: HKU\S-1-5-21-2090475765-3295667832-4244984891-1000 -> {DEEF799E-6FBD-4610-9E45-D5F1CD85D67B} URL = http://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=847320_yhs3tst&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\system32\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 4.2.2.2 4.2.2.1

FireFox:
========
FF ProfilePath: C:\Users\bss\AppData\Roaming\Mozilla\Firefox\Profiles\bzwp3hwx.default
FF NewTab: about:blank
FF DefaultSearchEngine: AOL Search
FF DefaultSearchUrl: hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20121013045414872&tb_oid=13-10-2012&tb_mrud=13-10-2012
FF Homepage: about:home
FF Keyword.URL: ttp://www.google.com/search?&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\bss\AppData\Roaming\Mozilla\Firefox\Profiles\bzwp3hwx.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\bss\AppData\Roaming\Mozilla\Firefox\Profiles\bzwp3hwx.default\searchplugins\aol-search.xml
FF Extension: WebRank SEO Toolbar - C:\Users\bss\AppData\Roaming\Mozilla\Firefox\Profiles\bzwp3hwx.default\Extensions\webrank-toolbar@probcomp.com [2013-12-01]
FF Extension: Empty Cache Button - C:\Users\bss\AppData\Roaming\Mozilla\Firefox\Profiles\bzwp3hwx.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-10-11]
FF Extension: DownloadHelper - C:\Users\bss\AppData\Roaming\Mozilla\Firefox\Profiles\bzwp3hwx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Status-4-Evar - C:\Users\bss\AppData\Roaming\Mozilla\Firefox\Profiles\bzwp3hwx.default\Extensions\status4evar@caligonstudios.com.xpi [2014-04-15]
FF Extension: Tab Mix Plus - C:\Users\bss\AppData\Roaming\Mozilla\Firefox\Profiles\bzwp3hwx.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-10-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-07-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-06]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\bss\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\bss\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Stop YouTube HTML5 Autoplay) - C:\Users\bss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkibmginjljbmmpgnipfbcbmkcodaap [2014-07-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Avast Online Security) - C:\Users\bss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-03]
CHR Extension: (Google Wallet) - C:\Users\bss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\bss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [804536 2011-09-22] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-10-11] (Acronis)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-19] (Avast Software)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S4 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-01-31] (Macrovision Europe Ltd.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
S4 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S4 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
S4 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-19] ()
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-19] (Avast Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 13:41 - 2014-12-01 13:42 - 00030477 _____ () C:\Users\bss\Desktop\Addition.txt
2014-12-01 13:40 - 2014-12-01 14:00 - 00019557 _____ () C:\Users\bss\Desktop\FRST.txt
2014-12-01 13:39 - 2014-12-01 13:59 - 00000000 ____D () C:\FRST
2014-12-01 13:34 - 2014-12-01 13:34 - 00000000 ___DL () C:\Users\bss\Documents\link-schedule
2014-12-01 13:34 - 2014-12-01 13:34 - 00000000 ___DL () C:\Users\bss\Documents\link-lodge
2014-12-01 13:34 - 2014-12-01 13:34 - 00000000 ___DL () C:\Users\bss\Documents\link-invoices
2014-12-01 13:34 - 2014-12-01 13:34 - 00000000 ___DL () C:\Users\bss\Documents\link-business
2014-12-01 13:34 - 2014-12-01 13:34 - 00000000 ___DL () C:\Users\bss\Documents\link-bus
2014-12-01 13:16 - 2014-12-01 13:16 - 01109504 _____ (Farbar) C:\Users\bss\Desktop\FRST.exe
2014-11-29 15:59 - 2014-11-29 15:59 - 00000247 _____ () C:\Windows\system32\2014-11-29-20-59-09.031-aswFe.exe-4776.log
2014-11-29 15:49 - 2014-11-29 15:59 - 00000247 _____ () C:\Windows\system32\2014-11-29-20-49-10.014-aswFe.exe-3488.log
2014-11-29 15:49 - 2014-11-29 15:49 - 00000197 _____ () C:\Windows\system32\2014-11-29-20-49-05.004-AvastVBoxSVC.exe-1584.log
2014-11-29 00:07 - 2014-11-29 00:07 - 00000247 _____ () C:\Windows\system32\2014-11-29-05-07-19.049-aswFe.exe-5188.log
2014-11-28 23:55 - 2014-11-29 00:07 - 00000247 _____ () C:\Windows\system32\2014-11-29-04-55-24.003-aswFe.exe-5572.log
2014-11-28 23:55 - 2014-11-28 23:55 - 00000197 _____ () C:\Windows\system32\2014-11-29-04-55-17.075-AvastVBoxSVC.exe-5132.log
2014-11-28 22:57 - 2014-11-28 22:57 - 00000197 _____ () C:\Windows\system32\2014-11-29-03-57-33.028-AvastVBoxSVC.exe-2608.log
2014-11-27 09:46 - 2014-11-27 09:46 - 00000197 _____ () C:\Windows\system32\2014-11-27-14-46-32.005-AvastVBoxSVC.exe-2616.log
2014-11-26 21:20 - 2014-11-26 21:21 - 00000197 _____ () C:\Windows\system32\2014-11-27-02-20-58.041-AvastVBoxSVC.exe-2624.log
2014-11-26 13:13 - 2014-11-26 13:13 - 00000304 _____ () C:\Users\bss\Desktop\autopartsmaxima.txt
2014-11-25 21:33 - 2014-11-25 21:33 - 00000247 _____ () C:\Windows\system32\2014-11-26-02-33-39.079-aswFe.exe-5972.log
2014-11-25 21:23 - 2014-11-25 21:33 - 00000247 _____ () C:\Windows\system32\2014-11-26-02-23-36.012-aswFe.exe-3276.log
2014-11-25 21:23 - 2014-11-25 21:23 - 00000197 _____ () C:\Windows\system32\2014-11-26-02-23-31.008-AvastVBoxSVC.exe-4396.log
2014-11-25 19:11 - 2014-11-25 19:11 - 00000247 _____ () C:\Windows\system32\2014-11-26-00-11-14.039-aswFe.exe-1868.log
2014-11-25 19:01 - 2014-11-25 19:11 - 00000247 _____ () C:\Windows\system32\2014-11-26-00-01-05.033-aswFe.exe-5164.log
2014-11-25 19:00 - 2014-11-25 19:01 - 00000197 _____ () C:\Windows\system32\2014-11-26-00-00-59.051-AvastVBoxSVC.exe-2748.log
2014-11-25 18:16 - 2014-11-25 18:16 - 00000197 _____ () C:\Windows\system32\2014-11-25-23-16-51.009-AvastVBoxSVC.exe-2648.log
2014-11-24 13:01 - 2014-11-24 13:01 - 00000905 _____ () C:\Users\bss\Desktop\EdT Key surround
2014-11-24 12:33 - 2014-11-24 12:33 - 00000197 _____ () C:\Windows\system32\2014-11-24-17-33-31.099-AvastVBoxSVC.exe-2584.log
2014-11-24 10:12 - 2014-11-24 10:13 - 00000197 _____ () C:\Windows\system32\2014-11-24-15-12-58.063-AvastVBoxSVC.exe-2612.log
2014-11-24 08:31 - 2014-11-24 08:31 - 00000197 _____ () C:\Windows\system32\2014-11-24-13-31-39.043-AvastVBoxSVC.exe-2608.log
2014-11-23 21:57 - 2014-11-23 21:57 - 00000197 _____ () C:\Windows\system32\2014-11-24-02-57-34.087-AvastVBoxSVC.exe-2648.log
2014-11-22 09:19 - 2014-11-22 09:19 - 00000197 _____ () C:\Windows\system32\2014-11-22-14-19-13.092-AvastVBoxSVC.exe-2632.log
2014-11-21 23:15 - 2014-11-21 23:15 - 00000247 _____ () C:\Windows\system32\2014-11-22-04-15-10.089-aswFe.exe-3504.log
2014-11-21 23:05 - 2014-11-21 23:15 - 00000247 _____ () C:\Windows\system32\2014-11-22-04-05-04.072-aswFe.exe-5236.log
2014-11-21 23:04 - 2014-11-21 23:04 - 00000197 _____ () C:\Windows\system32\2014-11-22-04-04-58.059-AvastVBoxSVC.exe-1072.log
2014-11-21 17:50 - 2014-11-21 18:00 - 00000247 _____ () C:\Windows\system32\2014-11-21-22-50-27.068-aswFe.exe-5352.log
2014-11-21 17:50 - 2014-11-21 17:50 - 00000197 _____ () C:\Windows\system32\2014-11-21-22-50-21.025-AvastVBoxSVC.exe-2616.log
2014-11-20 21:12 - 2014-11-20 21:12 - 00000197 _____ () C:\Windows\system32\2014-11-21-02-12-11.034-AvastVBoxSVC.exe-2544.log
2014-11-20 21:04 - 2014-11-20 21:04 - 00000197 _____ () C:\Windows\system32\2014-11-21-02-04-45.045-AvastVBoxSVC.exe-2568.log
2014-11-20 11:00 - 2014-11-20 11:01 - 00000247 _____ () C:\Windows\system32\2014-11-20-16-00-54.082-aswFe.exe-6032.log
2014-11-20 10:47 - 2014-11-20 11:00 - 00000247 _____ () C:\Windows\system32\2014-11-20-15-47-21.077-aswFe.exe-1444.log
2014-11-20 03:07 - 2014-11-20 03:07 - 00000000 _____ () C:\Users\bss\sfcdetails.txt
2014-11-20 02:41 - 2006-11-02 07:54 - 00001670 _____ () C:\Users\bss\Desktop\Task Scheduler.lnk
2014-11-20 02:36 - 2014-11-20 02:36 - 00000271 _____ () C:\Users\bss\Desktop\Fix Missing System Restore Points in Windows Vista and 7.URL
2014-11-20 01:54 - 2014-11-20 01:54 - 00000197 _____ () C:\Windows\system32\2014-11-20-06-54-12.001-AvastVBoxSVC.exe-2628.log
2014-11-20 01:49 - 2014-11-20 01:49 - 00000079 _____ () C:\Windows\wininit.ini
2014-11-20 01:45 - 2014-11-20 01:45 - 00000000 ____D () C:\Users\bss\Documents\ProcAlyzer Dumps
2014-11-20 01:38 - 2014-11-06 11:12 - 00001441 _____ () C:\Windows\system32\Drivers\etc\hosts - Copy
2014-11-19 12:47 - 2014-11-19 12:48 - 00000197 _____ () C:\Windows\system32\2014-11-19-17-47-59.068-AvastVBoxSVC.exe-2484.log
2014-11-19 12:25 - 2014-11-19 12:25 - 00000247 _____ () C:\Windows\system32\2014-11-19-17-25-13.084-aswFe.exe-2008.log
2014-11-19 12:15 - 2014-11-19 12:25 - 00000247 _____ () C:\Windows\system32\2014-11-19-17-15-26.083-aswFe.exe-3092.log
2014-11-19 12:15 - 2014-11-19 12:15 - 00000197 _____ () C:\Windows\system32\2014-11-19-17-15-21.034-AvastVBoxSVC.exe-4056.log
2014-11-19 11:30 - 2014-11-19 11:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVAST Software
2014-11-19 11:13 - 2014-11-19 11:13 - 00000197 _____ () C:\Windows\system32\2014-11-19-16-13-41.098-AvastVBoxSVC.exe-2576.log
2014-11-19 10:07 - 2014-11-19 10:17 - 00000247 _____ () C:\Windows\system32\2014-11-19-15-07-51.077-aswFe.exe-5092.log
2014-11-19 09:44 - 2014-11-19 09:45 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-19 09:12 - 2014-11-19 09:12 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-19 09:12 - 2014-11-19 09:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-19 00:11 - 2014-11-20 01:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-19 00:10 - 2014-11-20 01:51 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-11-18 23:08 - 2014-11-19 01:33 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-18 23:06 - 2014-11-18 23:06 - 00000909 _____ () C:\Users\bss\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-18 23:06 - 2014-11-18 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-18 23:06 - 2014-11-18 23:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-18 23:06 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-18 23:06 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-18 23:06 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-17 13:23 - 2014-11-18 21:25 - 00001048 _____ () C:\Users\bss\Desktop\tires.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 13:39 - 2011-07-29 00:16 - 00000000 ____D () C:\temp
2014-12-01 13:38 - 2006-11-02 05:23 - 00000555 _____ () C:\Windows\win.ini
2014-12-01 13:05 - 2012-02-08 00:47 - 00000000 ____D () C:\Users\bss\Documents\My PSP Files
2014-12-01 13:05 - 2006-11-02 05:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-01 13:00 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 13:00 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-01 13:00 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 23:47 - 2006-11-02 08:01 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-30 19:22 - 2012-10-10 17:29 - 00000000 ____D () C:\ProgramData\pdf995
2014-11-28 23:48 - 2012-10-10 21:13 - 00000000 ____D () C:\Users\bss\Desktop\cars 2
2014-11-26 21:09 - 2012-02-08 02:31 - 00002595 _____ () C:\Users\bss\Desktop\Jasc Paint Shop Pro 9.lnk
2014-11-26 15:31 - 2012-10-10 15:38 - 00001655 _____ () C:\Windows\POWERUP.INI
2014-11-26 15:31 - 2012-10-10 15:38 - 00000372 _____ () C:\Windows\CCSTYLES.CCY
2014-11-25 06:35 - 2012-02-06 15:55 - 00002555 _____ () C:\Users\bss\Desktop\Word.lnk
2014-11-21 21:13 - 2012-02-06 14:26 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-20 21:13 - 2012-02-06 14:26 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-20 21:02 - 2011-07-28 19:13 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 21:02 - 2011-07-28 19:13 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 03:07 - 2011-07-06 01:28 - 00000000 ____D () C:\Users\bss
2014-11-19 11:30 - 2012-10-18 08:22 - 00000959 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-19 11:30 - 2012-10-18 08:22 - 00000925 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-11-19 11:09 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-19 10:15 - 2012-10-12 19:52 - 00000000 ___RD () C:\Users\bss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet
2014-11-19 10:14 - 2014-05-07 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
2014-11-19 10:14 - 2012-10-10 23:43 - 00000000 ____D () C:\Users\bss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\General System Tools
2014-11-19 10:14 - 2012-10-10 18:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\General System Tools
2014-11-19 10:12 - 2011-07-06 01:28 - 00000000 ___RD () C:\Users\bss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-19 09:12 - 2014-10-03 09:14 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-19 09:12 - 2013-05-03 19:12 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-19 09:12 - 2013-05-03 19:12 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-19 09:12 - 2012-02-06 14:26 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-19 09:12 - 2012-02-06 14:26 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-19 09:12 - 2012-02-06 14:26 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-11-18 23:39 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\L2Schemas
2014-11-18 22:18 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-11-18 22:17 - 2012-10-18 08:21 - 00000000 ____D () C:\Users\Administrator
2014-11-18 22:17 - 2006-11-02 05:22 - 41418752 _____ () C:\Windows\system32\config\software_previous
2014-11-18 22:17 - 2006-11-02 05:22 - 40894464 _____ () C:\Windows\system32\config\components_previous
2014-11-18 22:17 - 2006-11-02 05:22 - 35389440 _____ () C:\Windows\system32\config\system_previous
2014-11-18 22:17 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-11-18 22:17 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-11-18 22:17 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-11-18 22:16 - 2011-07-28 18:55 - 00000000 ____D () C:\Users\lel
2014-11-18 22:16 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-11-18 22:16 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-11-18 18:00 - 2014-07-02 09:45 - 00000000 ____D () C:\Users\bss\Desktop\wheel-car
2014-11-18 11:10 - 2011-07-06 01:29 - 00000000 ____D () C:\Users\bss\AppData\Local\Toshiba
2014-11-17 12:42 - 2011-11-17 13:30 - 00001706 ____H () C:\Users\bss\Documents\Default.rdp
2014-11-16 11:47 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system
2014-11-16 10:05 - 2012-10-10 21:12 - 00000000 ____D () C:\Users\bss\Desktop\temp links + misc notes
2014-11-13 13:27 - 2013-02-23 20:34 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-12 11:21 - 2012-02-08 02:37 - 00000456 _____ () C:\Windows\ahd3.ini

Some content of TEMP:
====================
C:\Users\lel\AppData\Local\Temp\install_flash_player_ax.exe
C:\Users\lel\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\lel\AppData\Local\Temp\symlcsv1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-01 13:05

==================== End Of Log ============================
 
-----------------
Addition.txt
-----------------
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-12-2014
Ran by bss at 2014-12-01 14:00:37
Running from C:\Users\bss\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
ActivePerl 5.16.1 Build 1601 (HKLM\...\{9441AF70-8CCC-41EE-B2C1-398F5FE7E387}) (Version: 5.16.1601 - ActiveState)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Agent Ransack 2010 (HKLM\...\Agent Ransack_is1) (Version:  - )
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Any Video Converter Professional 3.5.5 (HKLM\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
ATI Catalyst Install Manager (HKLM\...\{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
Catalyst Control Center - Branding (HKLM\...\{69E5255D-9D43-4CFF-8984-843ABD7753B7}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0422.2139.36895 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.29 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Download Navigator (HKLM\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla (remove only) (HKLM\...\FileZilla) (Version:  - )
Forté Agent (HKLM\...\Forte Agent) (Version:  - )
Free FLV Converter V 7.4.0 (HKLM\...\Free FLV Converter_is1) (Version: 7.4.0.0 - Koyote Soft)
Free Mp3 Wma Converter V 1.81 (HKLM\...\Free Mp3 Wma Converter_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Install Network Printer Wizard (HKLM\...\{C5E5233B-17E9-4F1B-824D-46571B780EB1}) (Version:  - )
ITEDO IsoView ActiveX Control 3.0 (HKLM\...\IsoViewX30Uc) (Version:  - )
Jasc Paint Shop Pro 9 (HKLM\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 9 20040928_12 Plugin Update Patch (HKLM\...\Jasc Paint Shop Pro 9.00 Update Patch) (Version:  - )
Jasc Paint Shop Pro 9 GDI+ Patch (HKLM\...\Jasc Paint Shop Pro 9 GDI+ Patch) (Version:  - )
Jasc Paint Shop Pro 9.01 - (9.0.1.1) (HKLM\...\Jasc Paint Shop Pro 9.01 - (9.0.1.1)) (Version:  - )
Jasc Paint Shop Pro 9.01 Patch (HKLM\...\Jasc Paint Shop Pro 9.01 Patch) (Version:  - )
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
join.me (HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\...\JoinMe) (Version: 1.3.1.431 - LogMeIn, Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{91170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird (3.1.9) (HKLM\...\Mozilla Thunderbird (3.1.9)) (Version: 3.1.9 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
No New Page (HKLM\...\{8A436B16-2F64-4307-A4A9-96FD9F2CC78F}) (Version: 3.0 - Jimco Add-ins)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Pdf995 (HKLM\...\Pdf995) (Version:  - )
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Saab EPC (HKLM\...\EPC_DeinstKey) (Version:  - )
Sam Spade version 1.14 (HKLM\...\Sam Spade version 1.14_is1) (Version:  - )
Shockwave (HKLM\...\Shockwave) (Version:  - )
Skins (Version: 2008.0422.2139.36895 - ATI) Hidden
STM (HKLM\...\STM_DeinstKey) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
The Font Thing (HKLM\...\The Font Thing) (Version:  - )
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.15 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA Corporation)
UltraEdit 16.10 (HKLM\...\{6EF59C2E-E355-4AA8-B18A-3E19A7B8EDE9}) (Version: 16.10.29 - IDM Computer Solutions, Inc.)
Vista Shortcut Manager (HKLM\...\{47609E69-4C5E-48B1-A889-24C6B82B5C04}) (Version: 2.0 - Frameworkx)
WinZip (HKLM\...\WinZip) (Version:  - )
WIS (HKLM\...\WIS_DeinstKey) (Version:  - )
Workshop Information System - WIS (HKLM\...\Workshop Information System - WIS) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2090475765-3295667832-4244984891-1000_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-2090475765-3295667832-4244984891-1000_Classes\CLSID\{CAA58399-0049-2A8A-2B6C-FF88B40B4923}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points  =========================

30-11-2014 20:22:05 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2014-11-20 01:39 - 00000762 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4841966E-F9CB-4365-B6DD-1DE342E2609C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {8ED1A824-CB53-4619-8B4D-9861B8BB22FF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C467DC04-FD28-46D1-BDDD-7935A3B16780} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E144E5C4-73D6-4F99-81E5-C4CA2DD6FEF0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-19] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-19 09:12 - 2014-11-19 09:12 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2014-11-19 09:12 - 2014-11-19 09:12 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2014-11-19 09:12 - 2014-11-19 09:12 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-01 13:01 - 2014-12-01 13:01 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14120100\algo.dll
2012-10-10 17:29 - 2012-12-13 00:34 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
2014-11-19 09:12 - 2014-11-19 09:12 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2008-04-23 00:05 - 2008-04-23 00:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-10-03 09:13 - 2014-11-19 09:12 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: AcrSch2Svc => 3
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: afcdpsrv => 3
MSCONFIG\Services: AgereModemAudio => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ConfigFree Service => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: ehstart => 2
MSCONFIG\Services: EpsonBidirectionalService => 3
MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: EpsonScanSvc => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: pinger => 2
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: Swupdtmr => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: Themes => 3
MSCONFIG\Services: TOSHIBA SMART Log Service => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WdiServiceHost => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe
MSCONFIG\startupreg: PMSpeed => C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: WorkForce 610(Network) => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE /FU "C:\Windows\TEMP\E_SF49C.tmp" /EF "HKCU"
MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2090475765-3295667832-4244984891-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2090475765-3295667832-4244984891-501 - Limited - Enabled)
lel (S-1-5-21-2090475765-3295667832-4244984891-1001 - Administrator - Enabled) => C:\Users\lel
bss (S-1-5-21-2090475765-3295667832-4244984891-1000 - Administrator - Enabled) => C:\Users\bss
Screen User (S-1-5-21-2090475765-3295667832-4244984891-1003 - Administrator - Enabled) => C:\Users\Screen User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2014 01:00:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 10:55:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2014 09:44:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 09:19:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2014 06:16:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 00:31:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 10:10:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 08:30:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2014 09:56:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2014 09:18:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/01/2014 01:40:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerTelephony%%1058

Error: (12/01/2014 01:40:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerTelephony%%1058

Error: (12/01/2014 01:40:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerTelephony%%1058

Error: (12/01/2014 01:40:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerTelephony%%1058

Error: (12/01/2014 01:40:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerTelephony%%1058

Error: (12/01/2014 01:40:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerTelephony%%1058

Error: (12/01/2014 01:40:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerTelephony%%1058

Error: (12/01/2014 01:40:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerTelephony%%1058

Error: (12/01/2014 01:40:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerTelephony%%1058

Error: (12/01/2014 01:40:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerTelephony%%1058


Microsoft Office Sessions:
=========================
Error: (12/01/2014 01:00:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 10:55:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2014 09:44:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 09:19:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2014 06:16:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 00:31:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 10:10:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 08:30:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2014 09:56:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2014 09:18:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-12-01 14:00:28.780
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-01 14:00:28.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-01 14:00:28.203
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-01 14:00:27.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-01 14:00:27.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-01 14:00:27.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-01 14:00:26.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-01 14:00:26.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-01 13:41:26.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-01 13:41:26.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ X2 Dual-Core QL-60
Percentage of memory in use: 27%
Total physical RAM: 3580.91 MB
Available physical RAM: 2596.28 MB
Total Pagefile: 3527.36 MB
Available Pagefile: 2656.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.09 MB

==================== Drives ================================

Drive c: (Local ) (Fixed) (Total:141.69 GB) (Free:83.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive l: () (Network) (Total:74.52 GB) (Free:14.98 GB)
Drive p: () (Network) (Total:74.52 GB) (Free:32.63 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 18EA275E)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=141.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5.9 GB) - (Type=17)

==================== End Of Log ============================



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,558 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:25 AM

Posted 01 December 2014 - 05:08 PM

Sorry about the Attach link. There was a problem with it after I replied to your topic but I included instructions below.

Please do these things for me.

===================================================

How to Attach a File to Your Reply

--------------------
  • If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
  • In the lower left hand corner you should see a Browse button under Attach Files
  • Click the Browse button and a new window will open
  • Navigate to and double click on the file you want to attach
  • Once the file path is entered into the box click Attach This File
  • If successful, you will see the file name appear above Attach Files with a green check mark to the left
  • When you are done with your message and hit Reply the file will automatically be attached to your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ListParts by Farbar for 32 bit Systems

--------------------
  • Please download ListParts.exe (for 32 bit systems) and save it to your desktop
  • Double click the icon
  • Select Run
  • Select Scan
  • Select OK and wait for a Result.txt document to open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached file
  • Fixlog
  • Result log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 BobintheBox


Posted 01 December 2014 - 06:34 PM

Thanks,

Content below

FIX LOG

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2014
Ran by bss at 2014-12-01 18:27:25 Run:1
Running from C:\Users\bss\Desktop
Loaded Profiles: bss & lel & Screen User & Administrator (Available profiles: bss & lel & Screen User & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C
*****************

"HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2090475765-3295667832-4244984891-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\ProgramData\TEMP => ":661DFA1C" ADS removed successfully.

==== End of Fixlog ====

RESULT.TXT

ListParts by Farbar Version: 31-07-2014
Ran by bss (administrator) on 01-12-2014 at 18:29:43
Windows Vista (X86)
Running From: C:\Users\bss\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 36%
Total physical RAM: 3580.91 MB
Available physical RAM: 2256.22 MB
Total Pagefile: 3527.36 MB
Available Pagefile: 2347.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.84 MB

======================= Partitions =========================

1 Drive c: (Local ) (Fixed) (Total:141.69 GB) (Free:83.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive l: () (Network) (Total:74.52 GB) (Free:14.98 GB)
4 Drive p: () (Network) (Total:74.52 GB) (Free:32.62 GB)

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       149 GB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM               1500 MB  1024 KB
  Partition 2    Primary            142 GB  1501 MB
  Partition 3    Primary           6040 MB   143 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   Local        NTFS   Partition    142 GB  Healthy    System (partition with boot components)  

======================================================================================================

Disk: 0
Partition 3
Type  : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 18EA275E
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=6 GB) - (Type=17)


****** End Of Log ******

Attached Files



#8 Oh My!


Posted 01 December 2014 - 09:00 PM

Thank you,

Please do this now.

===================================================

Running a ListParts Fix in Normal Mode

--------------
  • Press the Windows key + r on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy and paste the contents of the below into Notepad

Disk=0 Partition=3 type=07

  • Save the file onto your desktop as Fix.txt
  • Double click the ListParts icon on your desktop
  • Press Fix
  • When finished please press the Scan button
  • A Result.txt document will appear on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Result log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 BobintheBox


Posted 01 December 2014 - 09:42 PM

Before I do this one, can you tell me what changing the partition type is going to do to that third partition?



#10 Oh My!


Posted 01 December 2014 - 11:03 PM

Absolutely you can ask. As it stands now that partition type is a remnant of an infected/hidden partition (Type 17). Changing it to 07 makes it a standard NTFS partition.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 BobintheBox


Posted 02 December 2014 - 10:56 AM

Fix run. I took a look at the third partition. It holds the "system recovery" files from the factory.

My computer seems to be running normally.

ListParts by Farbar Version: 31-07-2014
Ran by rsl (administrator) on 02-12-2014 at 10:10:23
Windows Vista (X86)
Running From: C:\Users\rsl\Desktop\bleeping
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 25%
Total physical RAM: 3580.91 MB
Available physical RAM: 2663 MB
Total Pagefile: 3507.36 MB
Available Pagefile: 2720.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.84 MB

======================= Partitions =========================

1 Drive c: (Local ) (Fixed) (Total:141.69 GB) (Free:82.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (HDDRECOVERY) (Fixed) (Total:5.9 GB) (Free:0.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive l: () (Network) (Total:74.52 GB) (Free:14.98 GB)
5 Drive p: () (Network) (Total:74.52 GB) (Free:32.61 GB)


  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       149 GB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM               1500 MB  1024 KB
  Partition 2    Primary            142 GB  1501 MB
  Partition 3    Primary           6040 MB   143 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   Local        NTFS   Partition    142 GB  Healthy    System (partition with boot components)  

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   HDDRECOVERY  NTFS   Partition   6040 MB  Healthy            

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 18EA275E
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=6 GB) - (Type=07 NTFS)


****** End Of Log ******



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,558 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:09:25 AM

Posted 02 December 2014 - 11:03 AM

Very good,

A couple more things please.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report (if applicable)
  • Security Check log
  • Any remaining issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 BobintheBox

BobintheBox
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:25 PM

Posted 02 December 2014 - 04:33 PM

Results of Emsisoft Full Scan below along with the Security Check Log attached.

Note that some of the email messages found by Emsisoft are irrelevant i.e. the email messages are in an archived "copy" of the user's mail folder or already in the junk folder. I don't think any of these were an actual risk as I'd never click on such a message/attachment. Also, they usually go directly to the SPAM folder without my intervention.

One thing that confuses me: I brought up Thunderbird and looked/searched for these. None were there, save one that was misfiled in a folder I never visit. The others are NOT visible in Thunderbird. All the missing messages are from the same time frame of a few days in Jan 2012. I'm not sure where they are being picked up from... perhaps Thunderbird doesn't actually remove some messages that are deleted... I don't know that I've ever compacted my SPAM folder.

Either way, I don't think any of these messages caused the issue, unless Thunderbird checking them for SPAM designation without my help caused it.

Results of screen317's Security Check version 0.99.91
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 2.0.3.1025
CCleaner
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 12.0.0.43 Flash Player out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox 32.0.3 Firefox out of Date!
Mozilla Thunderbird (3.1.9) Thunderbird out of Date!
Google Chrome 38.0.2125.104 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



Edited by Oh My!, 02 December 2014 - 05:30 PM.
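
Added example, not part of the original posts: Thunderbird keeps each local folder, Junk included, as a single mbox file, and a deleted message stays in that file with the 0x0008 bit set in its X-Mozilla-Status header until the folder is compacted, which is one way a file scanner can report messages the mail client no longer shows. The sketch below lists such messages that carry attachments; the sample mailbox, addresses, file names and extension list are constructed for illustration.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage

EXPUNGED = 0x0008  # X-Mozilla-Status bit: deleted, still in the file until compaction
RISKY_EXT = {".scr", ".exe", ".js", ".zip", ".htm", ".html"}  # assumed list, adjust as needed

def hidden_risky_messages(mbox_path):
    """Return (index, sender, names) for expunged messages with risky attachments."""
    findings = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for index, msg in enumerate(box):
            try:
                status = int(msg.get("X-Mozilla-Status", "0"), 16)
            except ValueError:
                status = 0  # malformed header: treat as a normal, visible message
            if not status & EXPUNGED:
                continue  # still visible in the client, not what we are looking for
            names = [p.get_filename() for p in msg.walk() if p.get_filename()]
            risky = [n for n in names if os.path.splitext(n)[1].lower() in RISKY_EXT]
            if risky:
                findings.append((index, msg.get("From", ""), risky))
    finally:
        box.close()
    return findings

def build_sample(path):
    """Write a constructed three-message mbox (sender, status flags, attachment)."""
    samples = [("a@example.test", "0001", "notes-sample.txt"),   # read, visible
               ("b@example.test", "0009", "voice-sample.zip"),   # read + expunged
               ("c@example.test", "0008", None)]                 # expunged, no attachment
    box = mailbox.mbox(path)
    for sender, status, filename in samples:
        m = EmailMessage()
        m["From"] = sender
        m["X-Mozilla-Status"] = status
        m.set_content("constructed sample body")
        if filename:
            m.add_attachment(b"placeholder", maintype="application",
                             subtype="octet-stream", filename=filename)
        box.add(m)
    box.close()  # close() flushes the added messages to disk

def scan_sample():
    """Build the constructed mailbox in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Junk")
        build_sample(path)
        return hidden_risky_messages(path)

if __name__ == "__main__":
    for index, sender, names in scan_sample():
        print(f"message {index} from {sender}: {', '.join(names)}")
```

To check a real profile, point `hidden_risky_messages` at a copy of the folder file taken while Thunderbird is closed; compacting the folder in Thunderbird is what actually removes the flagged messages from disk.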


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,558 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:09:25 AM

Posted 02 December 2014 - 05:48 PM

I don't know how Thunderbird archives email messages. I recall years ago I ran into the same situation but not with Thunderbird. My scanner kept flagging an archived email folder but I was not really able to access the specific email causing concern.

The last entry seems to be the one relevant to your current situation: 

Wed, 5 Nov 2014 07:35:36 -0600] -> (MIME part) -> VOICE557-664-4657.zip -> VOICE748-348736.scr detected: Trojan.GenericKD.1959935 ( B)
C:\Users\bss\AppData\Roaming\Thunderbird\Profiles\ajsef1ng.default\Mail\Local Folders\Junk -> (message 1452) -> [From: PayPal Review Team <acctdept@payreview] -> (MIME part) -> Form-Attached.html -> (INFECTED_JS) detected: JS:Trojan.Script.CLR ( B)

As you can see there are quite a number of programs in need of updating. Do you need instructions for updating those?

Gary
 

#15 BobintheBox

BobintheBox
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:25 PM

Posted 02 December 2014 - 07:24 PM

No, I can do the updates. Thanks.

Do you think that PayPal message could have run its script without ever being looked at? I don't click on attachments in phony PayPal messages... they rarely even get looked at aside from scanning subjects or senders before a mass delete.

Or is it more likely I picked up this rash at a web site? I run a clean operation... but sometimes a Google search result sends you somewhere less than where you want to be.





