Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Netservice runs up memory


  • This topic is locked This topic is locked
2 replies to this topic

#1 THEDoc19

THEDoc19

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 02 October 2015 - 04:37 PM

This seems to be a problem happening every few days or times I turn on my computer, sometimes if I shut it off and restart my computer it will fix it but it happens again where the memory goes crazy, I figured I'd probably be smart to just let someone take a look at the logs from here so I can know why this is happening..Also, I looked at the logs and I don't know why the media server program is there, I did uninstall the other day, and oddly enough around when I got it is when the memory issues started, so I'm wondering if its still on my comp

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Mike (administrator) on MIKE-HP (02-10-2015 04:57:43)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2821416 2011-08-19] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-02-25] (Hewlett-Packard)
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\MountPoints2: {16198176-2f46-11e4-911e-009c0290d217} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\MountPoints2: {839d334c-2457-11e2-a867-009c0290d217} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\MountPoints2: {dec85871-8610-11e1-bf08-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\MountPoints2: {e5ad4028-466d-11e2-acc0-009c0290d217} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-18] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{A7939E31-C8B8-4D60-AC38-1A1DF43FBE1C}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {3E63A8B1-08E2-4D0E-BD33-2474D4244681} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {3E63A8B1-08E2-4D0E-BD33-2474D4244681} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> {3E63A8B1-08E2-4D0E-BD33-2474D4244681} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-18] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-19] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-18] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmTlbr.dll No File
DPF: HKLM {AEA3991E-3109-4C98-989E-33994FEB1A91} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll [2014-09-28] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-09-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: @worldwinner.com/Launcher2,version=1.10.0.25 -> C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll [2011-03-17] (WorldWinner.com, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1537839669-3915188379-138352656-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-12-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1537839669-3915188379-138352656-1001: electronicarts.com/GameFacePlugin -> C:\Users\Mike\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-07-26] (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-24]
FF Extension: Classic Toolbar Buttons - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2013-02-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-25]

Chrome:
=======
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-14]
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-14]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-14]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-14]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-18] (Avast Software s.r.o.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 FreeAgentGoFlex Service; C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [91432 2011-02-10] (Seagate Technology LLC)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-04-05] (Hi-Rez Studios) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-18] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-18] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-18] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-18] ()
R3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 04:57 - 2015-10-02 04:59 - 00023801 _____ C:\Users\Mike\Desktop\FRST.txt
2015-10-02 04:56 - 2015-10-02 04:56 - 02192384 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2015-10-02 04:56 - 2015-10-02 04:56 - 00000000 ____D C:\Users\Mike\Downloads\FRST-OlderVersion
2015-10-02 01:40 - 2015-10-02 01:40 - 00003288 ____N C:\bootsqm.dat
2015-09-30 18:10 - 2015-10-01 03:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-25 20:21 - 2015-09-21 05:50 - 00000000 ____D C:\Users\Mike\Desktop\News
2015-09-25 15:16 - 2015-09-25 15:17 - 00231760 _____ C:\Users\Mike\Downloads\CrucialScan(1).exe
2015-09-25 01:55 - 2015-09-25 01:58 - 27564849 _____ (Plex, Inc.) C:\Users\Mike\Downloads\Plex-Media-Server-0.9.1211.1406-8403350-en-US.exe.part
2015-09-25 00:33 - 2015-09-25 03:47 - 00000000 ____D C:\ProgramData\PMS
2015-09-25 00:26 - 2015-09-25 00:28 - 54431910 _____ C:\Users\Mike\Downloads\pms-1.90.1-setup-full-x64.exe


==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 04:57 - 2015-06-13 20:55 - 00000000 ____D C:\FRST
2015-10-02 04:56 - 2015-06-13 20:54 - 02192384 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2015-10-02 04:54 - 2012-04-13 21:16 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4007AE8-08D4-48A2-8F10-2DD0823ED7C3}
2015-10-02 04:44 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-02 04:44 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-02 04:41 - 2012-03-07 20:51 - 01729579 _____ C:\Windows\WindowsUpdate.log
2015-10-02 04:35 - 2015-06-01 02:27 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-02 04:35 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-02 04:35 - 2009-07-14 00:51 - 00104066 _____ C:\Windows\setupact.log
2015-10-02 04:34 - 2010-11-20 23:47 - 00889312 _____ C:\Windows\PFRO.log
2015-10-02 04:31 - 2009-07-14 01:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-02 04:30 - 2012-04-14 02:24 - 00000000 ____D C:\Users\Mike\AppData\Local\CrashDumps
2015-10-01 22:07 - 2013-03-19 02:02 - 00000000 ____D C:\Users\Mike\Documents\Youcam
2015-10-01 05:11 - 2012-11-19 11:02 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMike
2015-10-01 05:11 - 2012-11-19 11:02 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForMike.job
2015-10-01 03:35 - 2012-08-02 17:14 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-01 03:32 - 2013-02-17 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-01 02:39 - 2014-10-10 02:34 - 00007600 _____ C:\Users\Mike\AppData\Local\Resmon.ResmonCfg
2015-09-30 04:35 - 2014-07-21 00:02 - 00000000 ____D C:\Users\Mike\Desktop\Desktop5
2015-09-29 01:56 - 2009-07-14 01:13 - 00778250 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-29 01:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-24 21:17 - 2012-04-13 22:19 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitTorrent
2015-09-24 06:18 - 2013-03-29 23:12 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2013-07-26 02:24 - 2013-07-26 02:24 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-02-12 23:35 - 2014-05-21 01:12 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-12-25 17:41 - 2012-12-25 17:44 - 0099384 _____ () C:\Users\Mike\AppData\Roaming\inst.exe
2012-12-25 17:41 - 2012-12-25 17:44 - 0007859 _____ () C:\Users\Mike\AppData\Roaming\pcouffin.cat
2012-12-25 17:41 - 2012-12-25 17:44 - 0001167 _____ () C:\Users\Mike\AppData\Roaming\pcouffin.inf
2012-12-25 17:41 - 2012-12-25 17:44 - 0000055 _____ () C:\Users\Mike\AppData\Roaming\pcouffin.log
2012-12-25 17:41 - 2012-12-25 17:44 - 0082816 _____ (VSO Software) C:\Users\Mike\AppData\Roaming\pcouffin.sys
2013-01-16 19:14 - 2014-06-13 02:02 - 0000231 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.Exception.log
2013-01-16 19:13 - 2013-01-16 19:13 - 0001153 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-01-16 19:14 - 2014-06-13 02:02 - 0000231 _____ () C:\Users\Mike\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-12-25 17:54 - 2013-01-21 20:44 - 0001057 _____ () C:\Users\Mike\AppData\Roaming\vso_ts_preview.xml
2012-06-04 17:43 - 2014-03-01 02:53 - 0008192 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-10 02:34 - 2015-10-01 02:39 - 0007600 _____ () C:\Users\Mike\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\jna2468193498784936327.dll
C:\Users\Mike\AppData\Local\Temp\jna6249811180018244951.dll
C:\Users\Mike\AppData\Local\Temp\jna6622178897108851427.dll
C:\Users\Mike\AppData\Local\Temp\jna7659529022289534946.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 07:35

==================== End of FRST.txt ============================

Attached Files


Edited by THEDoc19, 02 October 2015 - 04:41 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:35 AM

Posted 04 October 2015 - 08:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

don't know why the media server program is there, I did uninstall the other day,


If the items in bold below are associated with the Media server program I suggest that you add these lines to the fix below before you save the fixlist.txt file.
FirewallRules: [TCP Query User{95C71113-93B0-4A3C-8EE5-C9DD5BBEAD35}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [UDP Query User{B972888A-E46D-4B89-8DA8-3A982B360675}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
C:\Users\Mike\Downloads\Plex-Media-Server-0.9.1211.1406-8403350-en-US.exe.part



Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll No File
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmTlbr.dll No File
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]
C:\Users\Mike\AppData\Local\Temp\jna2468193498784936327.dll
C:\Users\Mike\AppData\Local\Temp\jna6249811180018244951.dll
C:\Users\Mike\AppData\Local\Temp\jna6622178897108851427.dll
C:\Users\Mike\AppData\Local\Temp\jna7659529022289534946.dll


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

How is the computer running now?

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:35 AM

Posted 10 October 2015 - 08:37 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users