
possible virus-Windows Explorer crashing after Norton warning


  • This topic is locked
7 replies to this topic

#1 despBond

despBond

  • Members
  • 5 posts

Posted 26 December 2014 - 09:15 PM

Hi all, 

 

after visiting some random websites tonight, my Norton 360 antivirus showed me a message saying it blocked a "Web Attack: Malicious file download 24". I didn't download anything. Checking my Norton logs, I see that the intrusion attempt came from IP 80.252.188.229, 80. URL: adrotator.se/(.....).

 

Soon after, I kept on receiving a repeated error message "Windows Explorer has to shut down". When I restart the Windows Explorer, I keep on getting the same error every 10-20 seconds, so I cannot really access any directory or file through the usual windows menu. At the same time, all my System Restore points disappeared. I ran a Norton 360 full scan and mysteriously enough I get no threats.

 

The details of the error are as follows: InPageError code: c00009c. I have tried multiple suggestions online, but nothing works. Namely, sfc /scannow exits after ~9% progress with an error "Windows Resource Protection could not perform the requested operation". I checked whether the PendingDeletes and PendingRenames folders are in place and they are, albeit the first is hidden. Also, chkdsk doesn't do the job; when I boot I receive an error "autochk not found, skipping autochk". My computer is borderline functional when I boot on Safe mode with or without networking, but totally non-functional when I boot on Normal mode.

 

Many thanks in advance

 

 

Here are the details of the DDS file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 1.6.0_17
Run by stathis1 at 2:32:33 on 2014-12-27
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3891.2753 [GMT 2:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\ctfmon.exe
C:\windows\helppane.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\WerFault.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=tsna&bmod=tsna
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Akamai NetSession Interface] "C:\Users\stathis1\AppData\Local\Akamai\netsession_win.exe"
uRun: [Norton Download Manager{NBRT70-B18-Retail-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NBRT70-B18-Retail-4abb-B07C-C084B04B4F12}\NBRT-Retail-Downloader.exe /m
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\stathis1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with Xilisoft iPad Magic Platinum - C:\Program Files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{983B8FFF-1DA8-4425-A037-D2E3E77F3BE2} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{983B8FFF-1DA8-4425-A037-D2E3E77F3BE2}\1565655334 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{983B8FFF-1DA8-4425-A037-D2E3E77F3BE2}\34963736F6B483031303 : DHCPNameServer = 68.237.161.12 71.243.0.12
TCP: Interfaces\{983B8FFF-1DA8-4425-A037-D2E3E77F3BE2}\36F6E6E6D287364633230303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{983B8FFF-1DA8-4425-A037-D2E3E77F3BE2}\36F6E6E6D287931353135683 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{983B8FFF-1DA8-4425-A037-D2E3E77F3BE2}\65F6461666F6E656D20333333383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{983B8FFF-1DA8-4425-A037-D2E3E77F3BE2}\B6E6F607B616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{983B8FFF-1DA8-4425-A037-D2E3E77F3BE2}\D497B6F6E6F63745865616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BE9E6659-C0B4-4303-9CA9-94583E73D258} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\stathis1\AppData\Roaming\Mozilla\Firefox\Profiles\tblahbcu.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-10-4 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-10-4 1148120]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-30 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2014-6-25 482384]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2014-6-24 56344]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-6-24 331880]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2014-6-24 1103904]
S1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [2014-12-11 1587416]
S1 ccSet_N360;N360 Settings Manager;C:\windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-10-4 162392]
S1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20141222.001\IDSviA64.sys [2014-12-23 637656]
S1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-10-4 266968]
S1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-10-4 593112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe [2014-10-4 265040]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2014-6-25 103792]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2014-6-25 126392]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-6-24 2320920]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-12-12 142640]
S3 ExampleBloomberg;OpenGamma Example Engine (Bloomberg);C:\Program Files\OpenGamma Ltd\OpenGamma Server\Bloomberg\bin\Service.exe [2013-10-9 121328]
S3 ExampleSimulated;OpenGamma Example Engine (simulated market data);C:\Program Files\OpenGamma Ltd\OpenGamma Server\Simulated\bin\Service.exe [2013-10-9 121328]
S3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-27 158976]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-5-19 164464]
S3 OpenGammaLanguageAPI;OpenGamma Language Integration;C:\Program Files\OpenGamma Ltd\Language Integration Service\x64\ServiceRunner.exe [2013-10-9 154096]
S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2014-6-25 35008]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2014-6-25 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-6 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-24 835952]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-6-27 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2014-12-27 00:10:13 -------- d-----w- C:\windows\System32\drivers\NBRTWizardx64\0700000.012
2014-12-27 00:10:13 -------- d-----w- C:\windows\System32\drivers\NBRTWizardx64
2014-12-27 00:10:12 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-12-26 23:54:31 -------- d-----w- C:\Users\stathis1\AppData\Local\NPE
2014-12-19 09:54:59 -------- d-----w- C:\Program Files\WinDjView
2014-12-18 17:43:59 -------- d-----w- C:\Users\stathis1\miniIpadBackupDec2014
2014-12-18 15:55:45 -------- d-----w- C:\Users\stathis1\tutorial
2014-12-18 15:06:13 -------- d-----w- C:\Anaconda1
2014-12-18 06:21:30 -------- d-----w- C:\Anaconda2.7
2014-12-06 16:28:50 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-12-06 16:28:50 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-12-06 16:28:50 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-12-06 16:28:50 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-12-06 16:28:50 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-12-06 16:28:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2014-12-06 16:28:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2014-12-06 16:28:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2014-12-06 16:28:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2014-12-06 16:28:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2014-12-06 16:25:21 -------- d-----w- C:\Program Files\iPod
2014-12-06 16:25:19 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-06 16:25:19 -------- d-----w- C:\Program Files\iTunes
2014-12-06 16:25:19 -------- d-----w- C:\Program Files (x86)\iTunes
2014-12-05 20:40:47 49536 ----a-w- C:\windows\SysWow64\agremove.exe
2014-12-02 19:12:07 -------- d-----w- C:\Users\stathis1\AppData\Local\anaconda-launcher
2014-12-02 16:58:46 -------- d-----w- C:\b59d36914db38c676b6299e1a0bb
2014-12-02 16:29:35 -------- d-----w- C:\ProgramData\VS
2014-12-02 16:26:59 -------- d-----w- C:\e962c7d5f5384abbf939
2014-12-02 16:16:14 -------- d-----w- C:\Users\stathis1\.spyder2
2014-12-02 16:13:10 -------- d-----w- C:\Users\stathis1\AppData\Roaming\Continuum
2014-12-02 16:13:10 -------- d-----w- C:\Users\stathis1\.continuum
2014-12-02 16:04:35 -------- d-----w- C:\Anaconda
2014-11-30 06:47:59 78872 ----a-w- C:\windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2014-11-30 06:47:59 50200 ----a-w- C:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2014-11-30 06:47:47 79896 ----a-w- C:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2014-11-30 06:47:47 111640 ----a-w- C:\windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2014-11-30 06:46:41 -------- d-----w- C:\windows\System32\RsFx
2014-11-30 06:45:14 -------- d-----w- C:\windows\SysWow64\1033
2014-11-30 06:45:14 -------- d-----w- C:\windows\System32\1033
2014-11-30 06:42:34 -------- d-----w- C:\Program Files\Microsoft SQL Server
2014-11-30 06:39:51 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2014-11-30 06:39:51 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2014-11-30 06:39:43 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2014-11-30 06:38:06 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2014-11-30 06:34:47 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-11-30 06:34:47 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2014-11-30 06:33:52 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2014-11-30 06:33:52 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2014-11-29 18:21:41 -------- d-----w- C:\Users\stathis1\.ssh
2014-11-29 18:20:14 -------- d-----w- C:\Users\stathis1\AppData\Roaming\GitHub
2014-11-29 18:20:14 -------- d-----w- C:\Users\stathis1\AppData\Local\GitHub
2014-11-29 18:14:57 -------- d-----w- C:\Users\stathis1\AppData\Local\Apps
2014-11-29 18:14:54 -------- d-----w- C:\Users\stathis1\AppData\Local\Deployment
2014-11-29 07:15:27 -------- d-----w- C:\0f2ad90e59a5f37d5cd438c33887d0f8
2014-11-28 16:26:22 -------- d-----w- C:\RBuildTools
2014-11-28 16:15:06 -------- d-----w- C:\Rtools
2014-11-28 06:39:49 -------- d-----w- C:\Program Files (x86)\GnuWin32
.
==================== Find3M  ====================
.
2014-12-17 19:05:40 17920 ----a-w- C:\windows\System32\rpcnetp.exe
2014-11-20 01:22:42 111016 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-11-18 18:47:48 1247904 ----a-w- C:\windows\SysWow64\FM20.DLL
2014-11-06 02:44:31 309760 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2014-11-06 02:30:07 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2014-10-02 12:23:20 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 12:23:20 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
.
============= FINISH:  2:33:42.34 ===============

Edited by despBond, 26 December 2014 - 09:43 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts

Posted 30 December 2014 - 11:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 despBond

despBond
  • Topic Starter

  • Members
  • 5 posts

Posted 31 December 2014 - 06:21 AM

Hi nasdaq,

 

thanks very much for your reply. First of all, let me say I managed to restore most of my computer's functionality by deleting Thumbnails (MyComputer->Disk Cleanup->delete Thumbnails file). However, running windows repair from the partition drive and then running sfc /scannow, it seems that some features cannot be repaired. For example, disk autochk still can't be found and run.

 

Here are the logs:

 

-> Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 31-Dec-14
Scan Time: 12:04:59 PM
Logfile: malwarescan.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.31.02
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: stathis1
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384082
Time Elapsed: 27 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4185136276-2238137883-2632714361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [966b7aef1d5f38fe40c37a2a31d22cd4], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4185136276-2238137883-2632714361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [3cc5a0c904783cfa938bfcbe897b51af], 
 
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4185136276-2238137883-2632714361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M2P0U0F0B1O1O1G, , [3cc5a0c904783cfa938bfcbe897b51af]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

->AdwCleaner

# AdwCleaner v4.106 - Report created 31/12/2014 at 12:38:20
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : stathis1 - STATHIS1-PC
# Running from : C:\Users\stathis1\Downloads\adwcleaner_4.106.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\stathis1\Documents\Software
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxps://opengamma-docs.atlassian.net/wiki/dosearchsite.action?queryString={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2476 octets] - [31/12/2014 12:38:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2536 octets] ##########
 
-> FRST LOG
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by stathis1 (administrator) on STATHIS1-PC on 31-12-2014 13:16:19
Running from C:\Users\stathis1\Downloads
Loaded Profiles: UpdatusUser & stathis1 (Available profiles: UpdatusUser & stathis1)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Akamai Technologies, Inc.) C:\Users\stathis1\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\stathis1\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3165040 2013-08-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-26] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-05] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-23] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-03-17] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4185136276-2238137883-2632714361-1000\...\Run: [] => [X]
HKU\S-1-5-21-4185136276-2238137883-2632714361-1000\...\RunOnce: [SysOff] => C:\Windows\SysWOW64\SYSPREP\ClosespV.exe
HKU\S-1-5-21-4185136276-2238137883-2632714361-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-29] (Google Inc.)
HKU\S-1-5-21-4185136276-2238137883-2632714361-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-4185136276-2238137883-2632714361-1001\...\Run: [Akamai NetSession Interface] => C:\Users\stathis1\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [95848 2010-05-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [90216 2010-05-06] (NVIDIA Corporation)
Startup: C:\Users\stathis1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk /r \??\C:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-4185136276-2238137883-2632714361-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-4185136276-2238137883-2632714361-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-4185136276-2238137883-2632714361-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=tsna&bmod=tsna
HKU\S-1-5-21-4185136276-2238137883-2632714361-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4185136276-2238137883-2632714361-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4185136276-2238137883-2632714361-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-4185136276-2238137883-2632714361-1000 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-4185136276-2238137883-2632714361-1001 -> {21A3124C-FAB9-4C16-BEAC-50BBFD0DEFEF} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-4185136276-2238137883-2632714361-1001 -> {887B028F-B2B4-44D9-B711-36EA0DF75A36} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4185136276-2238137883-2632714361-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4185136276-2238137883-2632714361-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\stathis1\AppData\Roaming\Mozilla\Firefox\Profiles\tblahbcu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn [2014-12-31]
 
Chrome: 
=======
CHR Profile: C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-24]
CHR Extension: (Google Drive) - C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-24]
CHR Extension: (YouTube) - C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-24]
CHR Extension: (Google Search) - C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-24]
CHR Extension: (Norton Identity Safe) - C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-20]
CHR Extension: (Google Wallet) - C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]
CHR Extension: (Gmail) - C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ExampleBloomberg; C:\Program Files\OpenGamma Ltd\OpenGamma Server\Bloomberg\bin\Service.exe [121328 2013-10-09] (OpenGamma Ltd) [File not signed]
S3 ExampleSimulated; C:\Program Files\OpenGamma Ltd\OpenGamma Server\Simulated\bin\Service.exe [121328 2013-10-09] (OpenGamma Ltd) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [103792 2010-01-29] (Symantec Corporation)
S3 OpenGammaLanguageAPI; C:\Program Files\OpenGamma Ltd\Language Integration Service\x64\ServiceRunner.exe [154096 2013-10-09] (OpenGamma Ltd) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-25] (Symantec Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20141230.001\IDSvia64.sys [637656 2014-12-01] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20141230.020\ENG64.SYS [129752 2014-12-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20141230.020\EX64.SYS [2137304 2014-12-09] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 13:16 - 2014-12-31 13:17 - 00028388 _____ () C:\Users\stathis1\Downloads\FRST.txt
2014-12-31 13:16 - 2014-12-31 13:16 - 00000000 ____D () C:\FRST
2014-12-31 12:57 - 2014-12-31 12:57 - 02123264 _____ (Farbar) C:\Users\stathis1\Downloads\FRST64.exe
2014-12-31 12:38 - 2014-12-31 12:49 - 00000000 ____D () C:\AdwCleaner
2014-12-31 12:37 - 2014-12-31 12:37 - 02173952 _____ () C:\Users\stathis1\Downloads\adwcleaner_4.106.exe
2014-12-31 12:03 - 2014-12-31 12:04 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-31 12:03 - 2014-12-31 12:03 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-31 12:03 - 2014-12-31 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-31 12:02 - 2014-12-31 12:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-31 12:02 - 2014-12-31 12:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-31 12:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-31 12:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-31 12:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-31 12:00 - 2014-12-31 12:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\stathis1\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-29 22:59 - 2014-12-29 22:59 - 05104015 _____ () C:\Users\stathis1\Downloads\frbus_package.zip
2014-12-29 18:37 - 2014-12-29 18:37 - 00460806 _____ () C:\Users\stathis1\Downloads\JPM_Forecast_Revision_In_2014-12-08_1572651.xlsx
2014-12-29 18:28 - 2014-12-29 18:28 - 00007801 _____ () C:\Users\stathis1\Downloads\regreetings.zip
2014-12-29 15:27 - 2014-12-29 15:31 - 00000000 ____D () C:\Users\stathis1\Documents\DBresearc
2014-12-29 14:50 - 2014-12-29 23:23 - 00000000 ____D () C:\Users\stathis1\Documents\JPMresearch
2014-12-29 13:20 - 2014-12-29 13:20 - 00002726 _____ () C:\Users\stathis1\Downloads\latest (35).jnlp
2014-12-29 12:29 - 2014-12-29 12:29 - 00003715 _____ () C:\Users\stathis1\Downloads\export.csv
2014-12-28 05:15 - 2014-12-28 05:15 - 00000000 __SHD () C:\found.000
2014-12-27 22:34 - 2014-12-27 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-27 13:15 - 2014-12-27 13:15 - 00000000 ____D () C:\Users\stathis1\AppData\Local\Western_Digital_Technolog
2014-12-27 13:15 - 2014-12-27 13:15 - 00000000 ____D () C:\Users\stathis1\AppData\Local\Western Digital
2014-12-27 13:13 - 2014-12-31 12:51 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2014-12-27 13:13 - 2014-12-27 13:13 - 00001155 _____ () C:\Users\Public\Desktop\WD SmartWare.lnk
2014-12-27 13:13 - 2014-12-27 13:13 - 00000000 ____D () C:\Program Files\Western Digital
2014-12-27 13:13 - 2014-12-27 13:13 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-12-27 13:12 - 2014-12-27 13:13 - 00000000 ____D () C:\ProgramData\Western Digital
2014-12-27 13:12 - 2014-12-27 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-12-27 13:12 - 2014-12-27 13:13 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-12-27 13:12 - 2014-12-27 13:12 - 00001208 _____ () C:\Users\Public\Desktop\WD Security.lnk
2014-12-27 13:12 - 2014-12-27 13:12 - 00001128 _____ () C:\Users\Public\Desktop\WD Drive Utilities.lnk
2014-12-27 02:38 - 2014-12-27 02:38 - 00017812 _____ () C:\Users\stathis1\Documents\Attach.txt
2014-12-27 02:36 - 2014-12-27 02:36 - 00023497 _____ () C:\Users\stathis1\Documents\DDS.txt
2014-12-27 02:33 - 2014-12-27 02:33 - 00023497 _____ () C:\Users\stathis1\Desktop\dds.txt
2014-12-27 02:33 - 2014-12-27 02:33 - 00017812 _____ () C:\Users\stathis1\Desktop\attach.txt
2014-12-27 02:32 - 2014-12-27 02:32 - 00688992 ____R (Swearware) C:\Users\stathis1\Downloads\dds.com
2014-12-27 02:10 - 2014-12-27 02:10 - 00000000 ____D () C:\windows\system32\Drivers\NBRTWizardx64
2014-12-27 02:10 - 2014-12-27 02:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2014-12-27 02:10 - 2014-12-27 02:10 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-12-27 02:01 - 2014-12-27 02:01 - 01022080 _____ (Symantec Corporation) C:\Users\stathis1\Downloads\NBRT-Retail-Downloader.exe
2014-12-27 01:54 - 2014-12-27 01:55 - 00000000 ____D () C:\Users\stathis1\AppData\Local\NPE
2014-12-23 23:48 - 2014-12-23 23:48 - 00114061 _____ () C:\Users\stathis1\Documents\fwd_flies.csv
2014-12-23 18:14 - 2014-12-23 18:14 - 00000000 ____D () C:\Users\stathis1\Documents\OneNote Notebooks
2014-12-19 16:41 - 2014-12-19 16:41 - 00002726 _____ () C:\Users\stathis1\Downloads\latest (34).jnlp
2014-12-19 12:47 - 2014-12-19 12:47 - 00003056 _____ () C:\Users\stathis1\Desktop\iTools_ipad to PC transfer.lnk
2014-12-19 11:55 - 2014-12-19 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView
2014-12-19 11:54 - 2014-12-19 11:55 - 00000000 ____D () C:\Program Files\WinDjView
2014-12-19 11:53 - 2014-12-19 11:53 - 01743445 _____ (Andrew Zhezherun) C:\Users\stathis1\Downloads\WinDjView-2.0.2-Setup.exe
2014-12-18 19:43 - 2014-12-18 19:48 - 00000000 ____D () C:\Users\stathis1\miniIpadBackupDec2014
2014-12-18 19:25 - 2014-12-18 19:25 - 00000000 ____D () C:\Users\stathis1\Documents\iTools
2014-12-18 19:24 - 2014-12-18 19:24 - 03492429 _____ () C:\Users\stathis1\Downloads\iTools0520E.zip
2014-12-18 19:22 - 2014-12-18 19:22 - 00230784 _____ () C:\Users\stathis1\Downloads\iTools0520E.exe
2014-12-18 19:18 - 2014-12-18 19:18 - 09386032 _____ () C:\Users\stathis1\Downloads\CopyTransv4.872_DLC.zip
2014-12-18 19:08 - 2014-12-18 19:08 - 00014552 _____ () C:\Users\stathis1\Downloads\Xilisoft_iPad_Magic_Platinum_5.4.9_build_20130108_+_Serial (1).torrent
2014-12-18 19:07 - 2014-12-18 19:07 - 00014552 _____ () C:\Users\stathis1\Downloads\Xilisoft_iPad_Magic_Platinum_5.4.9_build_20130108_+_Serial.torrent
2014-12-18 18:42 - 2014-12-18 18:50 - 58283632 _____ () C:\Users\stathis1\Downloads\x-ipad-magic-platinum-cnet.exe
2014-12-18 17:55 - 2014-12-18 17:55 - 00000000 ____D () C:\Users\stathis1\tutorial
2014-12-18 17:06 - 2014-12-18 17:13 - 00000000 ____D () C:\Anaconda1
2014-12-18 09:12 - 2014-12-18 09:12 - 00444011 _____ () C:\Users\stathis1\Downloads\Scrapy-0.24.4-py2-none-any.whl
2014-12-18 08:29 - 2014-12-18 09:42 - 00000000 ____D () C:\Users\stathis1\Documents\Python Scripts
2014-12-18 08:21 - 2014-12-18 08:30 - 00000000 ____D () C:\Anaconda2.7
2014-12-18 07:43 - 2014-12-18 08:00 - 384818768 _____ (Continuum Analytics, Inc.) C:\Users\stathis1\Downloads\Anaconda-2.1.0-Windows-x86_64 (3).exe
2014-12-12 17:31 - 2014-12-12 17:31 - 00002726 _____ () C:\Users\stathis1\Downloads\latest (33).jnlp
2014-12-08 19:14 - 2014-12-08 19:14 - 00408291 _____ () C:\Users\stathis1\Downloads\fume_1.0.tar.gz
2014-12-08 03:34 - 2014-12-08 03:40 - 57665478 _____ () C:\Users\stathis1\Downloads\9DEAAA248BC0472A943D7D4D595E617F.zip
2014-12-08 03:22 - 2014-12-08 03:23 - 03156526 _____ () C:\Users\stathis1\Downloads\DE5CF7EA5D844FF7A602E563E338DA47 (1).zip
2014-12-08 02:19 - 2014-12-08 02:19 - 03156526 _____ () C:\Users\stathis1\Downloads\DE5CF7EA5D844FF7A602E563E338DA47.zip
2014-12-07 19:48 - 2014-12-23 18:11 - 00000000 ____D () C:\Users\stathis1\Documents\russianlibrary
2014-12-06 18:28 - 2014-12-06 18:28 - 00001856 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-06 18:28 - 2014-12-06 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-06 18:28 - 2014-12-06 18:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-06 18:26 - 2014-12-06 18:26 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-06 18:26 - 2014-12-06 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-06 18:25 - 2014-12-06 18:25 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-06 18:25 - 2014-12-06 18:25 - 00000000 ____D () C:\Program Files\iTunes
2014-12-06 18:25 - 2014-12-06 18:25 - 00000000 ____D () C:\Program Files\iPod
2014-12-06 18:25 - 2014-12-06 18:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-05 22:40 - 2014-12-17 21:09 - 00049536 _____ (Absolute Software Corp.) C:\windows\SysWOW64\agremove.exe
2014-12-02 21:12 - 2014-12-02 21:21 - 00000000 ____D () C:\Users\stathis1\AppData\Local\anaconda-launcher
2014-12-02 18:58 - 2014-12-02 18:58 - 00000000 ____D () C:\b59d36914db38c676b6299e1a0bb
2014-12-02 18:29 - 2014-12-02 18:29 - 00000000 ____D () C:\ProgramData\VS
2014-12-02 18:26 - 2014-12-02 18:46 - 00000000 ____D () C:\e962c7d5f5384abbf939
2014-12-02 18:16 - 2014-12-19 12:47 - 00000000 ____D () C:\Users\stathis1\.spyder2
2014-12-02 18:13 - 2014-12-02 18:13 - 00000000 ____D () C:\Users\stathis1\AppData\Roaming\Continuum
2014-12-02 18:13 - 2014-12-02 18:13 - 00000000 ____D () C:\Users\stathis1\.continuum
2014-12-02 18:04 - 2014-12-02 20:02 - 00000000 ____D () C:\Anaconda
2014-12-02 03:50 - 2014-12-02 03:50 - 00113136 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-02 03:50 - 2014-12-02 03:50 - 00113136 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-02 03:50 - 2014-12-02 03:50 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-12-02 03:50 - 2014-12-02 03:50 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 13:04 - 2009-07-14 06:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 13:04 - 2009-07-14 06:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 13:01 - 2014-06-24 15:25 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 12:55 - 2014-06-24 23:16 - 01449593 _____ () C:\windows\WindowsUpdate.log
2014-12-31 12:51 - 2014-06-24 15:25 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 12:51 - 2010-05-29 03:53 - 00488020 _____ () C:\windows\PFRO.log
2014-12-31 12:51 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-31 12:51 - 2009-07-14 06:51 - 00038773 _____ () C:\windows\setupact.log
2014-12-31 12:35 - 2014-06-24 16:43 - 00000000 ____D () C:\Users\stathis1\Documents\miscellaneous
2014-12-29 13:36 - 2014-09-22 13:03 - 00000000 ____D () C:\Users\stathis1\Documents\pa
2014-12-29 13:23 - 2014-06-24 21:40 - 00000000 ____D () C:\Jts
2014-12-28 00:01 - 2014-06-25 18:27 - 00000000 ____D () C:\Users\stathis1\Documents\bank research
2014-12-27 22:21 - 2009-07-14 07:13 - 00891836 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-27 14:50 - 2014-11-28 08:24 - 00000000 ____D () C:\Users\stathis1\Documents\software
2014-12-27 13:17 - 2014-11-28 14:01 - 00358400 ___SH () C:\Users\stathis1\Thumbs.db
2014-12-27 13:13 - 2014-06-24 23:55 - 00022018 _____ () C:\windows\DPINST.LOG
2014-12-27 04:34 - 2014-08-09 19:12 - 00000000 ____D () C:\Users\stathis1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-12-27 04:34 - 2014-06-25 00:09 - 00000000 ____D () C:\ProgramData\Norton
2014-12-27 04:31 - 2014-08-09 19:12 - 00001351 _____ () C:\Users\stathis1\Desktop\Norton Installation Files.lnk
2014-12-27 03:30 - 2014-06-26 18:25 - 00000000 ____D () C:\Users\stathis1\AppData\Local\CrashDumps
2014-12-27 02:01 - 2014-08-09 19:12 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-12-23 22:42 - 2014-11-14 03:43 - 00000000 ____D () C:\Users\stathis1\Documents\R
2014-12-19 11:55 - 2014-08-20 19:13 - 00000000 ____D () C:\Users\stathis1\.matplotlib
2014-12-18 19:44 - 2014-06-24 12:22 - 00000000 ____D () C:\Users\stathis1
2014-12-18 19:14 - 2014-08-20 16:40 - 00000000 ____D () C:\Users\stathis1\AppData\Roaming\BitTorrent
2014-12-18 18:56 - 2014-08-09 15:36 - 00000000 ____D () C:\Users\stathis1\Documents\Xilisoft
2014-12-18 18:56 - 2014-08-09 15:36 - 00000000 ____D () C:\Users\stathis1\AppData\Roaming\Xilisoft
2014-12-18 18:56 - 2014-08-09 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
2014-12-18 18:55 - 2014-08-09 15:34 - 00000000 ____D () C:\ProgramData\Xilisoft
2014-12-18 18:55 - 2014-08-09 15:34 - 00000000 ____D () C:\Program Files (x86)\Xilisoft
2014-12-18 17:57 - 2014-08-20 19:06 - 00000000 ____D () C:\Users\stathis1\Documents\Python
2014-12-18 17:13 - 2014-08-20 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)
2014-12-18 07:43 - 2014-08-20 19:13 - 00000000 ____D () C:\Users\stathis1\.spyder2-py3
2014-12-17 21:05 - 2014-11-14 03:08 - 00017920 _____ () C:\windows\system32\rpcnetp.exe
2014-12-14 02:06 - 2014-10-19 22:53 - 00000000 ____D () C:\Users\stathis1\AppData\Local\Akamai
2014-12-13 03:06 - 2014-08-09 14:36 - 00000000 ____D () C:\Users\stathis1\AppData\Roaming\Apple Computer
2014-12-12 06:10 - 2014-06-24 15:37 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 20:04 - 2014-10-28 20:53 - 00000000 ____D () C:\Users\stathis1\Documents\job
2014-12-11 06:10 - 2014-06-24 23:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:16 - 2014-11-26 06:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-09 15:35 - 2014-08-09 15:56 - 00000000 ____D () C:\Users\stathis1\Documents\booklibrary
2014-12-08 19:15 - 2014-11-14 03:44 - 00000000 ____D () C:\Users\stathis1\Documents\Rproj
2014-12-06 18:25 - 2014-10-13 18:26 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-06 18:25 - 2014-08-09 14:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-04 03:06 - 2014-11-30 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-12-03 14:37 - 2014-07-01 15:14 - 00000000 ____D () C:\Users\stathis1\AppData\Local\Tific
2014-12-03 02:06 - 2014-11-28 18:26 - 00000000 ____D () C:\RBuildTools
2014-12-02 20:44 - 2014-11-30 08:45 - 00000000 ____D () C:\windows\SysWOW64\1033
2014-12-02 20:44 - 2014-11-30 08:45 - 00000000 ____D () C:\windows\system32\1033
2014-12-02 20:44 - 2014-11-30 08:33 - 00000000 ____D () C:\windows\symbols
2014-12-02 20:44 - 2014-10-19 23:55 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-02 20:44 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-02 20:43 - 2014-11-29 20:20 - 00000000 ____D () C:\Users\stathis1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2014-12-02 20:43 - 2014-11-14 03:37 - 00000000 ____D () C:\Users\stathis1\AppData\Roaming\RStudio
2014-12-02 20:43 - 2014-10-19 23:28 - 00000000 ____D () C:\Users\stathis1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-02 20:43 - 2014-07-17 14:28 - 00000000 ____D () C:\Users\stathis1\Desktop\Tor Browser
2014-12-02 20:43 - 2014-07-15 16:22 - 00000000 ____D () C:\Users\stathis1\AppData\Roaming\Skype
2014-12-02 20:43 - 2014-06-24 23:34 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-02 20:43 - 2014-06-24 23:34 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-02 20:43 - 2014-06-24 12:22 - 00000000 ___RD () C:\Users\stathis1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-02 20:43 - 2014-06-24 12:22 - 00000000 ___RD () C:\Users\stathis1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-02 20:42 - 2014-11-30 08:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-12-02 20:42 - 2014-11-30 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-12-02 20:42 - 2014-11-30 08:42 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-02 20:42 - 2014-11-30 08:33 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-12-02 20:42 - 2014-11-29 20:20 - 00000000 ____D () C:\Users\stathis1\AppData\Local\GitHub
2014-12-02 20:42 - 2014-11-29 20:14 - 00000000 ____D () C:\Users\stathis1\AppData\Local\Apps\2.0
2014-12-02 20:42 - 2014-11-28 18:15 - 00000000 ____D () C:\Rtools
2014-12-02 20:42 - 2014-11-28 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuWin32
2014-12-02 20:42 - 2014-11-26 06:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-02 20:42 - 2014-08-22 16:18 - 00000000 ____D () C:\Users\stathis1\AppData\Local\Microsoft Help
2014-12-02 20:42 - 2014-07-19 22:11 - 00000000 ____D () C:\Users\stathis1\AppData\Local\WinZip
2014-12-02 20:42 - 2014-06-26 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-02 20:42 - 2010-05-29 03:38 - 00000000 ____D () C:\ProgramData\Toshiba
2014-12-02 20:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-02 20:41 - 2014-11-29 09:15 - 00000000 ____D () C:\0f2ad90e59a5f37d5cd438c33887d0f8
2014-12-02 20:41 - 2014-11-28 08:39 - 00000000 ____D () C:\Program Files (x86)\GnuWin32
2014-12-02 20:41 - 2014-06-24 23:30 - 00000000 ____D () C:\Intel
2014-12-02 20:41 - 2014-06-24 23:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-02 20:40 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-12-02 20:33 - 2014-11-26 05:33 - 00000000 ____D () C:\Users\stathis1\torrents
2014-12-02 20:32 - 2014-11-30 09:03 - 00000000 ____D () C:\Users\stathis1\Documents\quantlib
2014-12-02 20:31 - 2014-07-19 22:13 - 00000000 ____D () C:\Users\stathis1\Documents\gnuradio-3.7.4
2014-12-02 20:31 - 2014-06-26 11:54 - 00000000 ____D () C:\Users\stathis1\AppData\Roaming\Mozilla
2014-12-02 20:30 - 2014-08-20 16:12 - 00000000 ____D () C:\Users\stathis1\AppData\Local\eMule
2014-12-02 20:30 - 2014-07-15 16:22 - 00000000 ____D () C:\Users\stathis1\AppData\Local\Skype
2014-12-02 20:30 - 2014-06-26 11:54 - 00000000 ____D () C:\Users\stathis1\AppData\Local\Mozilla
2014-12-02 20:30 - 2014-06-24 15:26 - 00000000 ____D () C:\Users\stathis1\AppData\Roaming\Adobe
2014-12-02 20:30 - 2014-06-24 14:30 - 00000000 ____D () C:\Users\stathis1\AppData\Local\Google
2014-12-02 20:30 - 2014-06-24 14:09 - 00000000 ____D () C:\Users\stathis1\AppData\Local\Microsoft Games
2014-12-02 20:30 - 2014-06-24 12:42 - 00000000 ____D () C:\Users\stathis1\AppData\Local\TOSHIBA_Corporation
2014-12-02 20:29 - 2014-11-30 08:45 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-12-02 20:29 - 2014-11-30 08:39 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-12-02 20:29 - 2014-11-30 08:39 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-12-02 20:29 - 2014-11-30 08:33 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-12-02 20:29 - 2014-08-20 19:08 - 00000000 ____D () C:\Users\stathis1\.ipython
2014-12-02 20:29 - 2014-06-24 23:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-02 20:29 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-12-02 20:28 - 2014-11-30 08:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-12-02 20:28 - 2014-11-30 08:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-12-02 20:28 - 2014-11-30 08:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-12-02 20:28 - 2010-05-29 03:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
 
Some content of TEMP:
====================
C:\Users\stathis1\AppData\Local\Temp\ose00001.exe
C:\Users\stathis1\AppData\Local\Temp\ose00003.exe
C:\Users\stathis1\AppData\Local\Temp\ose00005.exe
C:\Users\stathis1\AppData\Local\Temp\Quarantine.exe
C:\Users\stathis1\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-16 20:55
 
==================== End Of Log ============================
 
 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:08 PM

Posted 31 December 2014 - 10:04 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-4185136276-2238137883-2632714361-1000\...\Run: [] => [X]
HKU\S-1-5-21-4185136276-2238137883-2632714361-1000\...\RunOnce: [SysOff] => C:\Windows\SysWOW64\SYSPREP\ClosespV.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4185136276-2238137883-2632714361-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Google Wallet) - C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
C:\Users\stathis1\AppData\Local\Temp\ose00001.exe
C:\Users\stathis1\AppData\Local\Temp\ose00003.exe
C:\Users\stathis1\AppData\Local\Temp\ose00005.exe

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 despBond


Posted 31 December 2014 - 12:57 PM

Hi nasdaq, here are the logs:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by stathis1 at 2014-12-31 19:43:13 Run:1
Running from C:\Users\stathis1\Documents\bleeping_computer_tools
Loaded Profiles: UpdatusUser & stathis1 (Available profiles: UpdatusUser & stathis1)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-4185136276-2238137883-2632714361-1000\...\Run: [] => [X]
HKU\S-1-5-21-4185136276-2238137883-2632714361-1000\...\RunOnce: [SysOff] => C:\Windows\SysWOW64\SYSPREP\ClosespV.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4185136276-2238137883-2632714361-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Google Wallet) - C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
C:\Users\stathis1\AppData\Local\Temp\ose00001.exe
C:\Users\stathis1\AppData\Local\Temp\ose00003.exe
C:\Users\stathis1\AppData\Local\Temp\ose00005.exe
 
End
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-4185136276-2238137883-2632714361-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\S-1-5-21-4185136276-2238137883-2632714361-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SysOff => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-4185136276-2238137883-2632714361-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.65.2" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\stathis1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
C:\Users\stathis1\AppData\Local\Temp\ose00001.exe => Moved successfully.
C:\Users\stathis1\AppData\Local\Temp\ose00003.exe => Moved successfully.
C:\Users\stathis1\AppData\Local\Temp\ose00005.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:43:15 ====
 
---->security check

 Results of screen317's Security Check version 0.99.93  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 17  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 14.0.0.125 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 30.0 Firefox out of Date!  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 


#6 nasdaq


Posted 31 December 2014 - 02:21 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 17

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress, you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
<<<>>>

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

Remove these old versions of Flash.
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 14.0.0.125 Flash Player out of Date!
===

For your added security, and when all is well, get the Windows 7 Special Pack 1.

Windows 7 x64 (UAC is enabled)
Navigate to this page and follow the instructions.
http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1

How is the computer running now?

#7 nasdaq


Posted 06 January 2015 - 10:15 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 nasdaq


Posted 12 January 2015 - 08:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



