
Computer very slow, web link redirects, start-up error messages


  • This topic is locked
9 replies to this topic

#1 rarco2


Posted 12 December 2014 - 04:17 PM

My son recently worked with 'nasdaq' on some similar issues with his laptop. His computer is now working like new and my son continues to speak great things about nasdaq's services and Bleeping Computer in general :grinner: I too have some similar issues that I would like assistance with if possible. Basic info below.

Issues:

- Slow start up and basically in all operations (opening apps, downloading, web, email, even typing)

- Slow web (use IE) - many times a web link will redirect me to places I don't want to go (i.e. Facebook, etc). I don't even use FB.

Error messages at start-up:

1. ArcSoft Connect Daemon has stopped working. A problem caused the program to stop working correctly.

2. Ask Toolbar Notifier has stopped working. A problem caused the program to stop working correctly.

Error when opening MS Outlook 2003:

1. the add-in "C:\Windows\system32\ActExt.dll" could not be installed or loaded. This problem may be resolved by using Detect and Repair on the help menu. (tried and that did not work).

Hardware:

Gateway laptop (T-1628) running Vista (Home Premium) service pack 2, 32 bit OS

Any help or assistance you could offer would be greatly appreciated!

Thanks,

rarco2

FRST log details below...


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2014 02
Ran by bob (administrator) on BOB-PC on 12-12-2014 15:57:04
Running from C:\Users\bob\Downloads
Loaded Profile: bob (Available profiles: bob)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple, Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Chicony) C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(IDT, Inc.) C:\Windows\sttray.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Gateway\traybar.exe [638976 2007-06-29] (Chicony)
HKLM\...\Run: [NapsterShell] => C:\Program Files\Napster\napster.exe /systray
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2008-05-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267048 2008-06-02] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [WorkFlowTray] => "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
HKLM\...\Run: [Opware14] => "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
HKLM\...\Run: [OpScheduler] => "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
HKLM\...\Run: [OP14 Reminder] => "C:\Program Files\ScanSoft\OmniPagePro14.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPagePro14.0\EregEng\ereg.ini"
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-20] (APN)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [405504 2007-07-27] (IDT, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [40072 2008-01-18] (soft thinks)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\MountPoints2: F - F:\WDSetup.exe
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\MountPoints2: {3ecd738c-e41c-11de-8a8a-0003255b63de} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\MountPoints2: {b16e4747-86f2-11df-a379-0003255b63de} - F:\Setup_FlipShare.exe
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\MountPoints2: {c9188947-b790-11df-a4b9-0003255b63de} - F:\WDSetup.exe
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\MountPoints2: {f14d36a2-075e-11df-8cd9-0003255b63de} - F:\LinksysConnectPC.exe
Startup: C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> DefaultScope {349008F9-DE5D-4546-BA9F-E76AD32171AE} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US679D20141001&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> {349008F9-DE5D-4546-BA9F-E76AD32171AE} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US679D20141001&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> {547EEAAC-3665-4e6c-B326-C622D698543A} URL = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> {BE34F474-7BAB-478C-AC84-F8C7ECB345FA} URL = http://www.search.ask.com/web?p2=%5EB3O%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.2.1.555&o=APN11002&tpid=WBV7&apn_uid=D70E5D49-ABFA-4CEF-8C2A-1B1D02DE5ED9&apn_ptnrs=%5EB3O&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=ie_9.0.8112.16496&doi=2013-07-23&trgb=IE&q={searchTerms}&psv=
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Ask Toolbar -> {57425637-0076-A76A-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\WBV7\Passport.dll (APN LLC.)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll (Gateway Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Ask Toolbar - {57425637-0076-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\WBV7\Passport.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://68.109.238.194/activex/AMC.cab
DPF: {F9BF64A0-5A65-43E0-ACDB-B223E7F9DDD9} http://68.109.238.194/WEBWATCH2.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog5 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1819276629-3356792198-2940103775-1000: @citrixonline.com/appdetectorplugin -> C:\Users\bob\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-15]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-06-26]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Weatherbug Toolbar) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodccgghcfficmpomnifhhlmlbfef [2014-06-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-25]
CHR Extension: (SiteAdvisor) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-09-09]
CHR Extension: (Google Wallet) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25]
CHR HKLM\...\Chrome\Extension: [aaaaodccgghcfficmpomnifhhlmlbfef] - C:\Users\bob\AppData\Local\APN\GoogleCRXs\aaaaodccgghcfficmpomnifhhlmlbfef_7.15.4.0.crx [2012-09-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\bob\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2008-02-18] (Apple, Inc.) [File not signed]
S3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited) [File not signed]
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [455944 2010-05-14] ()
S3 GameConsoleService; C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe [165416 2008-05-05] (WildTangent, Inc.)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-11-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2010-02-11] (SolidWorks) [File not signed]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S2 OneTouch 4.0 Monitor; "C:\Program Files\Application Folder\OtService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [253952 2007-06-08] (Realtek Semiconductor Corporation                           )
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-05-23] (Chicony Electronics Co., Ltd.)
S3 APL531; System32\Drivers\ov550i.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 15:57 - 2014-12-12 16:05 - 00029574 _____ () C:\Users\bob\Downloads\FRST.txt
2014-12-12 15:55 - 2014-12-12 15:57 - 00000000 ____D () C:\FRST
2014-12-12 15:49 - 2014-12-12 15:49 - 01111040 _____ (Farbar) C:\Users\bob\Downloads\FRST.exe
2014-12-12 15:40 - 2014-12-12 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-12 15:10 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 15:08 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 17:01 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 10:27 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 10:27 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 10:27 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 10:27 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 10:27 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 10:27 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 10:27 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 10:27 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 10:27 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 10:27 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 10:27 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 10:27 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 10:27 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 10:27 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 10:27 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 10:27 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 10:27 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 10:27 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 10:27 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 10:27 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 10:27 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 10:27 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-20 09:43 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-11-13 11:05 - 2014-12-12 15:10 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff5b9c97e58f.job
2014-11-12 15:47 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 15:47 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 15:47 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 15:47 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 15:45 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 15:45 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 15:44 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 15:42 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 15:40 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 15:40 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 15:40 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 15:40 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 15:40 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 15:37 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 16:03 - 2008-02-26 20:44 - 01237566 _____ () C:\Windows\WindowsUpdate.log
2014-12-12 15:53 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-12-12 15:34 - 2011-09-09 14:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-12 15:31 - 2008-01-20 21:47 - 00234736 _____ () C:\Windows\PFRO.log
2014-12-12 15:31 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 15:31 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-12 15:31 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-12 15:28 - 2006-11-02 08:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-12 15:18 - 2008-06-23 15:02 - 00000376 _____ () C:\Windows\ODBC.INI
2014-12-12 15:17 - 2012-07-19 07:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-12 15:17 - 2008-02-26 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-12 15:17 - 2006-11-02 05:23 - 00000346 _____ () C:\Windows\win.ini
2014-12-12 15:14 - 2014-06-19 09:52 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8bceab9dedc.job
2014-12-12 15:07 - 2008-02-26 21:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 10:17 - 2012-05-30 07:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 10:17 - 2011-06-20 18:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-01 20:00 - 2008-06-20 20:08 - 00000542 _____ () C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - bob.job
2014-11-21 11:01 - 2011-08-26 13:53 - 00018799 _____ () C:\Users\bob\AppData\Roaming\Rim.Desktop.Exception.log
2014-11-21 11:01 - 2011-08-26 13:53 - 00012089 _____ () C:\Users\bob\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-21 10:06 - 2006-11-02 05:33 - 00765276 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 16:42 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 16:16 - 2006-11-02 07:47 - 00304320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 15:34 - 2008-02-26 21:14 - 00000000 ____D () C:\Program Files\Google
2014-11-12 11:29 - 2014-11-11 11:42 - 00000000 ___RD () C:\Users\bob\Google Drive

Some content of TEMP:
====================
C:\Users\bob\AppData\Local\Temp\ApnStub.exe
C:\Users\bob\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\bob\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\bob\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\bob\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\bob\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\bob\AppData\Local\Temp\mpegc.dll
C:\Users\bob\AppData\Local\Temp\Offercast2802_WBV5_.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-12 15:39

==================== End Of Log ============================

 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 AM

Posted 13 December 2014 - 09:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

Ask Toolbar Notifier has stopped working. A problem caused the program to stop working correctly.

This toolbar is not recommended and it's supporting ads.
It probably was installed with a 3rd party program.
===
 

Error when opening MS Outlook 2003:
1. the add-in "C:\Windows\system32\ActExt.dll" could not be installed or loaded. This problem may be resolved by using Detect and Repair on the help menu. (tried and that did not work)


Refer to this article. See what you can do about it.
http://answers.microsoft.com/en-us/office/forum/office_2007-outlook/actextdll-cannot-be-loaded-by-outlook/a8ca588a-e672-44cb-9ee7-4150135678cf
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-20] (APN)
URLSearchHook: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> {547EEAAC-3665-4e6c-B326-C622D698543A} URL = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> {BE34F474-7BAB-478C-AC84-F8C7ECB345FA} URL = http://www.search.ask.com/web?p2=^B3O^YYYYYY^YY^US&gct=&itbv=12.2.1.555&o=APN11002&tpid=WBV7&apn_uid=D70E5D49-ABFA-4CEF-8C2A-1B1D02DE5ED9&apn_ptnrs=^B3O&apn_dtid=^YYYYYY^YY^US&apn_dbr=ie_9.0.8112.16496&doi=2013-07-23&trgb=IE&q={searchTerms}&psv=
BHO: Ask Toolbar -> {57425637-0076-A76A-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\WBV7\Passport.dll (APN LLC.)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll No File
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Ask Toolbar - {57425637-0076-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\WBV7\Passport.dll (APN LLC.)
Toolbar: HKU\.DEFAULT -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\bob\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
S2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S2 OneTouch 4.0 Monitor; "C:\Program Files\Application Folder\OtService.exe" [X]
S3 APL531; System32\Drivers\ov550i.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\bob\AppData\Local\Temp\ApnStub.exe
C:\Users\bob\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\bob\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\bob\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\bob\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\bob\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\bob\AppData\Local\Temp\mpegc.dll
C:\Users\bob\AppData\Local\Temp\Offercast2802_WBV5_.exe
C:\Program Files\AskPartnerNetwork
C:\Program Files\Ask.com

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#3 rarco2

rarco2
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:44 AM

Posted 14 December 2014 - 04:55 PM

Computer is marginally faster but still seems to be redirecting and slow. 

 

Posted logs per your request:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-12-2014
Ran by bob at 2014-12-14 15:38:07 Run:1
Running from C:\Users\bob\Downloads
Loaded Profile: bob (Available profiles: bob)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-20] (APN)
URLSearchHook: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> {547EEAAC-3665-4e6c-B326-C622D698543A} URL = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> {BE34F474-7BAB-478C-AC84-F8C7ECB345FA} URL = http://www.search.ask.com/web?p2=^B3O^YYYYYY^YY^US&gct=&itbv=12.2.1.555&o=APN11002&tpid=WBV7&apn_uid=D70E5D49-ABFA-4CEF-8C2A-1B1D02DE5ED9&apn_ptnrs=^B3O&apn_dtid=^YYYYYY^YY^US&apn_dbr=ie_9.0.8112.16496&doi=2013-07-23&trgb=IE&q={searchTerms}&psv=
BHO: Ask Toolbar -> {57425637-0076-A76A-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\WBV7\Passport.dll (APN LLC.)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll No File
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Ask Toolbar - {57425637-0076-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\WBV7\Passport.dll (APN LLC.)
Toolbar: HKU\.DEFAULT -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1819276629-3356792198-2940103775-1000 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\bob\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
S2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S2 OneTouch 4.0 Monitor; "C:\Program Files\Application Folder\OtService.exe" [X]
S3 APL531; System32\Drivers\ov550i.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\bob\AppData\Local\Temp\ApnStub.exe
C:\Users\bob\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\bob\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\bob\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\bob\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\bob\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\bob\AppData\Local\Temp\mpegc.dll
C:\Users\bob\AppData\Local\Temp\Offercast2802_WBV5_.exe
C:\Program Files\AskPartnerNetwork
C:\Program Files\Ask.com

End
*****************

Processes closed successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe => No running process found
C:\Program Files\Ask.com\Updater\Updater.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} => value deleted successfully.
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}" => Key deleted successfully.
"HKCR\CLSID\{547EEAAC-3665-4e6c-B326-C622D698543A}" => Key not found.
"HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE34F474-7BAB-478C-AC84-F8C7ECB345FA}" => Key deleted successfully.
"HKCR\CLSID\{BE34F474-7BAB-478C-AC84-F8C7ECB345FA}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57425637-0076-A76A-76A7-7A786E7484D7}" => Key not found.
"HKCR\CLSID\{57425637-0076-A76A-76A7-7A786E7484D7}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => Key deleted successfully.
"HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => Key deleted successfully.
"HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}" => Key deleted successfully.
"HKCR\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{57425637-0076-A76A-76A7-7A786E7484D7} => Value not found.
"HKCR\CLSID\{57425637-0076-A76A-76A7-7A786E7484D7}" => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll not found.
C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll not found.
C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
"HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
"HKU\S-1-5-21-1819276629-3356792198-2940103775-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
APNMCP => Service not found.
Automatic LiveUpdate Scheduler => Service deleted successfully.
LiveUpdate => Service deleted successfully.
OneTouch 4.0 Monitor => Service deleted successfully.
APL531 => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Users\bob\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\bob\AppData\Local\Temp\G2MInstallerExtractor.exe => Moved successfully.
C:\Users\bob\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\bob\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\bob\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\bob\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\bob\AppData\Local\Temp\mpegc.dll => Moved successfully.
C:\Users\bob\AppData\Local\Temp\Offercast2802_WBV5_.exe => Moved successfully.
"C:\Program Files\AskPartnerNetwork" => File/Directory not found.
"C:\Program Files\Ask.com" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog ====

 

 

AdwCleaner log before clean:

 

 AdwCleaner v4.105 - Report created 14/12/2014 at 15:56:45
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : bob - BOB-PC
# Running from : C:\Users\bob\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\bob\AppData\Local\apn
Folder Found : C:\Users\bob\AppData\Local\Temp\apn
Folder Found : C:\Users\bob\AppData\Local\Temp\AskSearch

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

-\\ Google Chrome v39.0.2171.95

[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=WBV5&o=14540&locale=en_US&apn_uid=82d09870-78ec-4d2d-8786-ca9932d6e2b4&apn_ptnrs=WK&apn_sauid=A959783E-B0B8-4885-8CFA-E54052266406&apn_dtid=YYYYYYYYUS&q={searchTerms}
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=WBV5&o=14540&locale=en_US&apn_uid=82d09870-78ec-4d2d-8786-ca9932d6e2b4&apn_ptnrs=WK&apn_sauid=A959783E-B0B8-4885-8CFA-E54052266406&apn_dtid=YYYYYYYYUS&q={searchTerms}
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=WBV5&o=14540&locale=en_US&apn_uid=&apn_ptnrs=WK&apn_sauid=&apn_dtid=YYYYYYYYUS&psv=&q={searchTerms}
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=WBV5&o=14540&locale=en_US&apn_uid=&apn_ptnrs=WK&apn_sauid=&apn_dtid=YYYYYYYYUS&psv=&q={searchTerms}
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3283 octets] - [14/12/2014 15:56:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3343 octets] ##########

 

 

AdwCleaner after clean:

 

# AdwCleaner v4.105 - Report created 14/12/2014 at 16:17:44
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : bob - BOB-PC
# Running from : C:\Users\bob\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\bob\AppData\Local\Temp\apn
Folder Deleted : C:\Users\bob\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\bob\AppData\Local\apn

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

-\\ Google Chrome v39.0.2171.95

[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=WBV5&o=14540&locale=en_US&apn_uid=82d09870-78ec-4d2d-8786-ca9932d6e2b4&apn_ptnrs=WK&apn_sauid=A959783E-B0B8-4885-8CFA-E54052266406&apn_dtid=YYYYYYYYUS&q={searchTerms}
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=WBV5&o=14540&locale=en_US&apn_uid=82d09870-78ec-4d2d-8786-ca9932d6e2b4&apn_ptnrs=WK&apn_sauid=A959783E-B0B8-4885-8CFA-E54052266406&apn_dtid=YYYYYYYYUS&q={searchTerms}
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=WBV5&o=14540&locale=en_US&apn_uid=&apn_ptnrs=WK&apn_sauid=&apn_dtid=YYYYYYYYUS&psv=&q={searchTerms}
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=WBV5&o=14540&locale=en_US&apn_uid=&apn_ptnrs=WK&apn_sauid=&apn_dtid=YYYYYYYYUS&psv=&q={searchTerms}
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3423 octets] - [14/12/2014 15:56:45]
AdwCleaner[S0].txt - [3386 octets] - [14/12/2014 16:17:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3446 octets] ##########

 

Security Check log below:

 

Results of screen317's Security Check version 0.99.93 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
McAfee Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 McAfee SiteAdvisor   
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Out of date Malwarebytes Anti-Malware installed!
 Java™ 6 Update 31 
 Java™ 6 Update 4 
 Java™ 6 Update 5 
 Java™ 6 Update 7 
 Java version 32-bit out of Date!
 Adobe Reader 8 Adobe Reader out of Date!
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
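A check a helper could run over the two AdwCleaner reports in this post, as an added example that is not part of the original thread: it compares every Found entry in the Scan report with the Deleted entries in the Clean report and lists anything left over. The sample lines are excerpted from the logs above, with one Deleted line omitted on purpose to show a leftover; the function names are hypothetical.

```python
import re

# Lines excerpted from the two AdwCleaner reports above. The Clean excerpt
# deliberately omits the YahooPartnerToolbar line (constructed) to show a leftover.
SCAN_LOG = r"""
# Option : Scan
Folder Found : C:\ProgramData\apn
Key Found : HKCU\Software\YahooPartnerToolbar
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""
CLEAN_LOG = r"""
# Option : Clean
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Folder Deleted : C:\ProgramData\apn
[C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

# "<Kind> Found : <target>" / "<Kind> Deleted : <target>"
ITEM = re.compile(r"^(\w+) (Found|Deleted) : (.+)$")
# "[<file>] - Found [<category>] : <value>"
BROWSER = re.compile(r"^\[(.+?)\] - (Found|Deleted) \[(.+?)\] : (.+)$")

def parse(report, status):
    """Return the set of (kind, target) entries carrying the given status."""
    entries = set()
    for line in report.splitlines():
        line = line.strip()
        m = ITEM.match(line)
        if m and m.group(2) == status:
            entries.add((m.group(1).casefold(), m.group(3).casefold()))
            continue
        m = BROWSER.match(line)
        if m and m.group(2) == status:
            # The reports spell "Web data" / "Web Data" differently, so compare casefolded.
            entries.add((m.group(3).casefold(), f"{m.group(1)} | {m.group(4)}".casefold()))
    return entries

def leftovers(scan_report, clean_report):
    """Entries found by the scan that the clean report does not list as deleted."""
    return sorted(parse(scan_report, "Found") - parse(clean_report, "Deleted"))

if __name__ == "__main__":
    for kind, target in leftovers(SCAN_LOG, CLEAN_LOG):
        print(f"NOT CLEANED  {kind}: {target}")
```

Duplicate lines in a report collapse into one entry, and the order of entries does not matter, which matches how the two reports above differ.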
 

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 AM

Posted 17 December 2014 - 10:33 AM


Sorry for this long delay.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 31
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

How is the computer running now?

#5 rarco2


Posted 22 December 2014 - 11:30 AM

Requested actions complete:

 

- Java 7 update 71 installed

- Removed the 4 old versions

- Latest ver of Adobe reader installed with McAfee Security scan plus

 

Still having issues in IE (slow).  Some links in your email didn't successfully open in IE (Internet Explorer cannot display the webpage).   The weblink actually shows (ieframe.dll then says the webpage cannot be displayed).

 

Chrome however has no problem going to those same pages.

 

When the computer shuts down/restarts it sometimes displays 'shutting down CCC.exe'

 

-rarco2



#6 nasdaq


Posted 22 December 2014 - 02:40 PM


When the computer shuts down/restarts it sometimes displays 'shutting down CCC.exe'


Refer to this page.
http://www.howtogeek.com/howto/8679/what-is-ccc.exe-and-why-is-it-running/

===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is the computer running now?

#7 nasdaq


Posted 28 December 2014 - 09:01 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 rarco2


Posted 30 December 2014 - 06:56 PM

Computer seems to continue to improve in terms of performance.  In looking at the temp folder (typing '%temp%' in the start menu) there are over 4200 files.  Would running TFC by Oldtimer be OK to do?

 

Thanks for your continued support!

 

Regards,

 

rarco2



#9 nasdaq


Posted 31 December 2014 - 09:36 AM

Yes run it.

#10 nasdaq


Posted 06 January 2015 - 10:13 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



