# Windows 7 Memory Issue (?); ubd.exe entry point error



## jwdrums0

Hi there,

First off, thanks ever so much for your help. I've picked up something from irresponsible surfing.

This laptop was bought new and, apart from having iTunes and Skype onboard, is solely used for streaming video in my home theatre system. I streamed some latest season episodes of a TV show illegally from a 3rd-party site about 8 months ago...I wasn't running an antivirus at the time...voila, the PC began running super slow. Stupid, stupid me. :facepalm:

Boot up time feels like forever, but I timed it to actually be around 4:45. The first error message on screen upon the desktop being populated is titled

'ubd.exe - Entry Point Not Found
The procedure entry point _objc_init_image could not be located in the dynamic link library objc.dll.'

The next thing that alerts me is from the Intel Rapid Storage Technology application, which tells me that an error exists on port:0. I open the application and the status of port:0 is 'At Risk'. There is a prompt option for me to reset disk to normal, which immediately changes the status to normal. Upon exiting the application the application pops up again almost immediately with the same issue. 

Other than that, Firefox takes a long time to boot up, and videos also take a long time and often hang up after entering full screen mode which often causes them to automatically exit full screen mode. Everything just drags. 

I thought I may have a corrupted hard drive at first, but checking the hardware status in Control Panel seemed fine. Please help! Thank you!

The laptop came with a retail version of Windows 7 Home Edition already loaded; so as such I have no copy of a boot disk for it. 

I hope I have provided sufficient detail for you to get an impression of what I have on my hands. Thank you again for your generous service. Kind regards, --Joe

Here are my logs:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17344
Run by Joe at 9:11:55 on 2014-10-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3000.1812 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Windows\System32\ThpSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TOSDCR] c:\program files\toshiba\passwordutility\TOSDCR.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TRCMan] c:\program files\toshiba\trcman\TRCMan.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [TSleepSrv] c:\program files\toshiba\toshiba sleep utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [WireLessMouse] c:\program files\nortek\activo wireless and wired mouse\StartAutorun.exe KMConfig.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Razer Mamba Elite Driver] c:\program files\razer\mamba\RazerMambaSysTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6CF44091-6599-4CE2-8265-9A885985C2E8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6CF44091-6599-4CE2-8265-9A885985C2E8}\5416379724F687D2444424134353 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6CF44091-6599-4CE2-8265-9A885985C2E8}\64259445A51224F6870264F6E60275C414E40273134313 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{6CF44091-6599-4CE2-8265-9A885985C2E8}\64275656F575966496F5746514 : DHCPNameServer = 195.186.152.32 195.186.216.32
TCP: Interfaces\{C22C2105-F383-4F24-A4BD-F12F0C8D184E} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\mp3ksrrk.default-1398267199374\
FF - prefs.js: browser.startup.homepage - hxxp://www.nba.tv/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-30 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-30 13120]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-29 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-7-16 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-7-16 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-7-16 38400]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [2009-9-1 5632]
R3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\drivers\nuvotonhidcir.sys [2009-9-1 23040]
R3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\drivers\nuvotonir.sys [2009-9-1 67072]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-7-16 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-16 230912]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-7-16 862208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 17024]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-15 52224]
.
=============== Created Last 30 ================
.
2014-10-28 10:12:46	8901368	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{39818c82-5d3c-400c-bc43-b9193d755c93}\mpengine.dll
2014-10-18 02:58:37	230912	----a-w-	c:\windows\system32\generaltel.dll
2014-10-18 02:58:31	396288	----a-w-	c:\windows\system32\aepdu.dll
2014-10-18 02:58:29	302592	----a-w-	c:\windows\system32\aeinv.dll
2014-10-18 02:45:47	372736	----a-w-	c:\windows\system32\rastls.dll
2014-10-18 02:44:21	3221504	----a-w-	c:\windows\system32\mstscax.dll
2014-10-18 02:44:19	1051136	----a-w-	c:\windows\system32\mstsc.exe
2014-10-18 02:44:15	523264	----a-w-	c:\windows\system32\termsrv.dll
2014-10-18 02:44:14	304128	----a-w-	c:\windows\system32\winlogon.exe
2014-10-18 02:44:14	157696	----a-w-	c:\windows\system32\winsta.dll
2014-10-18 02:44:13	65536	----a-w-	c:\windows\system32\TSpkg.dll
2014-10-18 02:44:13	184320	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2014-10-18 02:44:13	131584	----a-w-	c:\windows\system32\aaclient.dll
2014-10-18 02:44:13	130048	----a-w-	c:\windows\system32\rdpcorekmts.dll
2014-10-18 02:44:12	31232	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2014-10-18 02:44:12	17408	----a-w-	c:\windows\system32\credssp.dll
2014-10-18 02:42:30	67072	----a-w-	c:\windows\system32\packager.dll
2014-10-18 02:42:15	2379264	----a-w-	c:\windows\system32\win32k.sys
2014-10-18 02:39:50	156824	----a-w-	c:\windows\system32\mscorier.dll
2014-10-18 02:39:50	1131664	----a-w-	c:\windows\system32\dfshim.dll
2014-10-18 02:39:48	81560	----a-w-	c:\windows\system32\mscories.dll
2014-10-18 02:39:05	2363904	----a-w-	c:\windows\system32\msi.dll
2014-10-12 02:35:09	--------	d-----w-	c:\users\joe\appdata\local\Adobe
2014-10-02 07:03:33	519680	----a-w-	c:\windows\system32\qdvd.dll
2014-10-02 07:02:54	2048	----a-w-	c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2014-10-12 02:35:51	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-12 02:35:51	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-10-02 07:53:02	231568	------w-	c:\windows\system32\MpSigStub.exe
2014-09-25 22:32:04	2017280	----a-w-	c:\windows\system32\inetcpl.cpl
2014-09-19 01:25:12	4201472	----a-w-	c:\windows\system32\jscript9.dll
2014-09-19 01:14:57	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-09-19 01:14:44	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02:07	454656	----a-w-	c:\windows\system32\vbscript.dll
2014-09-19 01:01:47	61952	----a-w-	c:\windows\system32\iesetup.dll
2014-09-19 01:01:03	51200	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59:40	61952	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50:16	112128	----a-w-	c:\windows\system32\ieUnatt.exe
2014-09-19 00:50:15	108032	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49:31	597504	----a-w-	c:\windows\system32\jscript9diag.dll
2014-09-19 00:44:23	646144	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36:23	60416	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55	1068032	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59:11	1810944	----a-w-	c:\windows\system32\wininet.dll
2014-08-23 01:46:55	305152	----a-w-	c:\windows\system32\gdi32.dll
2014-08-01 11:35:06	793600	----a-w-	c:\windows\system32\TSWorkspace.dll
.
============= FINISH: 9:20:04.71 ===============


----------



## DrDOS

jwdrums0,

Hi and welcome to TSF.

I am currently reviewing your logs. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

http://www.techsupportforum.com/forums/f50/please-read-who-is-helping-you-93034.html

You may wish to *Subscribe to this Thread* to get immediate notification of replies as soon as they are posted. To do this click *Thread Tools* (near the top), then click *Subscribe to this Thread*. Make sure it is set to *Instant Notification by email*, then click *Add Subscription*.

Please be patient with me during this time.


----------



## DrDOS

jwdrums0,



> The laptop came with a retail version of Windows 7 Home Edition already loaded; so as such I have no copy of a boot disk for it.


There is a way with Windows 7 to create a boot disc. Please refer to this Microsoft article on how to do that: Create a system repair disc.



> 'ubd.exe - Entry Point Not Found
> The procedure entry point _objc_init_image could not be located in the dynamic link library objc.dll.'


That error seems Apple-related. Read this.


Welcome to TSF. My name is Drew. I will be helping you with the concern that brought you here. 

I am currently reviewing any log(s) you posted. If you haven't done so, Read This Before Posting For Malware Removal Help. This might be a good time to get familiar with what we can do, how you can help (by running the tools and providing their logs) and what you can expect from your visit at TSF.

Digest the following when you can if there is no problem following my instructions. Take note of some guidelines (sorry for the length .. they are kind of important) for this fix so we can work together to resolve any issues.


Read my instructions completely. If you do not understand any step(s) provided, feel free to *Stop*. Let me know what is unclear. I would much rather clarify instructions or explain them in a different way than have something important broken. There really is no "dumb" question here.


Perform everything in the order offered. Sometimes one step requires the previous one.


"Save it to your DeskTop" is said in many of our tools. In later versions of Windows, "where" to save a file is not always offered. The default location is

*C:\Users\Joe\Downloads*

Move (there are many ways to do this; ask if not sure how) (or at least copy; do NOT _Send To > ShortCut to DeskTop_) your download from here and put it on your DeskTop. Run the tool from your DeskTop based on the instructions given.


Post all log files in your reply rather than as an attachment unless I specifically ask you to do so. If you can not post all log files in one reply, feel free to use several posts. Please post these log files in their entirety. If you are trying to show me something, just add a NOTE and say so. I really need to see the whole picture.


Some malware may take a lot of steps to resolve, or in the worst case, reloading your system entirely. I can't stress enough the importance for you to backup any data. Whatever your method, it is an important step to do this before beginning any malware fix.


Refrain from making any changes to your computer including installing/uninstalling any programs, deleting files, modifying the registry, and running any scanners or tools unless I tell you to do so. Doing so could be confusing for me and cause changes to the directions I have to give you and extend the time required to fix your computer. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.


If you need to change any passwords, please do so from another, clean computer. Using this one may make things worse for you.


Even if things appear to be better, it might not mean we are truly done. Please continue to follow my instructions and reply back until I give you the *all clear*. We do not want to clean you part-way, only to have the system re-infected for some reason. I will also give you some advice about prevention. Absence of symptoms does not always mean the computer is clean.


Please set your system to show all files. Each system is a bit different so again, ask if you're not sure how. Return this setting when done.


You may wish to *Subscribe to this Thread* to get immediate notification of replies as soon as they are posted. To do this click *Thread Tools* (near the top), then click *Subscribe to this Thread*. Make sure it is set to *Instant Notification by email*, then click *Add Subscription*.

If I haven't lost you, let's get started. I look forward to fixing your computer and getting you back to safe surfing. :smile:



I see that you have McAfee installed for your Antivirus (AV). Is it working ok and updating as it should? If not, remove it through *Control Panel>Programs*, reboot and reinstall and reboot. This must be done first before proceeding with this fix. 



Please download Malwarebytes' Anti-Malware to your desktop.
Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a check mark is placed next to:
*Launch Malwarebytes' Anti-Malware*, and removed from
*Enable free trial of Malwarebytes Anti-Malware Premium*, unless you plan on purchasing

Then click *Finish*.
If an update is ever found during any part of the scan, it will prompt you to download the latest version. Please do so.
Click on *Scan Now*.
When the scan is complete, click *Quarantine All* if anything is found.

Click *View detailed log* if No malicious items detected. Export and save as _*.txt_. Name should be latest-mbam.txt. Here's an example:

*latest-mbam.txt*
Save this log to your desktop.
Post it in your next reply.


*Of Special Note:*

*Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.*

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*A Further Note*
Enable rootkit scanning before you start your scan. Here's how:


Launch Malwarebytes and click on '*Settings*'
In the next window, look on the left hand side and click '*Detection and Protection*'
Place a check in the box next to '*scan for rootkits*'


----------



## jwdrums0

Hi Drew,

This process took me some time...I had a BSOD during the first attempt at scanning. My second attempt yielded 1 malware bug, but I don't feel like I actually had the chance to delete it from the system. I clicked 'Quarantine All' after MBAM gave me the list of threats found, and then exported the log to the desktop (after restarting the pc), but saw no sight of the bug that was quarantined before. I don't know if this is normal but am mentioning it just in case it isn't..to repeat, I actually did not delete anything that came up from the scan. Here is the log that I saved as latest-mbam.txt :

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 2/11/2014
Scan Time: 3:36:36 PM
Logfile: latest-mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.02
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Joe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302765
Time Elapsed: 1 hr, 7 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




Thank you, --Joe

PS. Also I wanted to mention that the McAfee that you spoke of before on my system is not an AV (to my knowledge) it is simply Security Scan Plus and was a free download that bundled with Flash player when I upgraded it one time. Nonetheless to be sure I followed your instructions properly, I deleted, rebooted and re-installed that same program, then re-booted before continuing on to download MBAM.

Thanks again; what's the next move ?


----------



## DrDOS

jwdrums0,

Thanks for the MBAM log. Buy it or run that at least once a week. 



*Your Java is out of date.* Older versions have vulnerabilities that malware can use to infect your system. *Please follow these steps to update.*

Download the latest version of *Java Runtime Environment (JRE) 7*.
Read the License Agreement then select *Accept License Agreement*
Click on the link to download *Windows x86 Offline* and save the file.
Close any programs you may have running - especially your web browser.
*Go to Start > Control Panel > Programs, and remove all older versions of Java. Specifically:*

*Java(TM) 6 Update 17*

*Click the Remove or Change/Remove button.*
Then from your desktop double-click on *jre-7u71-windows-i586.exe* to install the newest version. If a different version, always get the latest.

After the install is complete, go into the Control Panel > Programs > Java (this is using the default *Category* view - if you are using something different, the Java Icon looks like a coffee cup)

On the General tab, under Temporary Internet Files, click the *Settings* button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - *Leave BOTH Checked*
*Applications and Applets*
*Trace and Log Files*
Click OK on Delete Temporary Files Window

*Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.*


Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.



Please run this online scan to help look for remnants. 

Go *here* to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
*Note:* For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
Click the blue Run ESET Online Scanner button
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on *Enable detection of potentially unwanted applications*
Click on *Advanced Settings*
Make sure that the option *Remove found threats* is *unticked*.
Ensure these options are ticked
*Scan archives*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Click *Start*
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan, and let me know how things are now.


----------



## jwdrums0

Hi Drew,

Thanks for your help and attention thus far. I got the latest Java installed (and all the old files deleted) without a problem.

The ESET online scan did not go smoothly. The first scan took over 22 hours, during which time I left the PC to go to bed (around the 21 hour mark, I think)...and by that stage it had found 32 threats. I came back to the PC a few hours later, and it had gone into shutdown. Upon turning the computer back on (in the first 'Windows had to be shut down unexpectedly...' screen where it asks if you want to start Windows in safe mode, or just normally- I just chose normal), the scan and hence all the scan results had disappeared. So I re-ran the scan. It took a lot shorter- about 7.5 hours total- however it found 0 threats this time, so unfortunately I have nothing to report about what was in the system that the scan found originally.

The PC seems to be running slower now. I timed a restart from the time I click 'restart' to the time the ubd.exe error prompt comes on screen to take 11min 56sec. I didn't see any indication that the restart process was entailing any windows updates either.
Also, this probably won't give you any more insight but I'll mention it because I noticed it- the music for the Windows 7 default welcome screen comes in several seconds AFTER the desktop has been populated with icons, whereas when operating normally it happens right with the screen that briefly displays the solitary 'welcome' word.

I'm ready for the next move  --Joe


----------



## DrDOS

jwdrums0,

Could be we need to wait for that patch but we can do more searching. Let's try this.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


When the tool opens click *Yes* to disclaimer. (Let the UAC work.)
If the tool needs to be updated, it will close momentarily and place the older version in a folder. The updated version will open, ready for use.

Press *Scan* button.
It will produce a log called *FRST.txt* in the same directory the tool is run from. 
Please copy and paste log back here.
The first time the tool is run it generates another log (*Addition.txt* - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


----------



## jwdrums0

Hi Drew,

OK, FRST.txt; then addition.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Joe (administrator) on NBA on 05-11-2014 11:05:59
Running from C:\Users\Joe\Downloads
Loaded Profile: Joe (Available profiles: Joe)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Razer USA Ltd) C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-03] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8526368 2010-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [686624 2010-03-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1697064 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [TOSDCR] => C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-29] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742712 2010-03-26] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-20] (TOSHIBA Corporation)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-23] (TOSHIBA CORPORATION)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [832856 2010-04-06] (TOSHIBA Corporation.)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2010-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [TRCMan] => C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe [701752 2009-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1328480 2010-04-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2010-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-02] (TOSHIBA)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [467816 2010-03-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [30040 2010-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [WireLessMouse] => C:\Program Files\Nortek\Activo Wireless and wired mouse\StartAutorun.exe KMConfig.exe
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [Razer Mamba Elite Driver] => C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe [973720 2011-11-25] (Razer USA Ltd)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-1967268300-1953964472-619797983-1004\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ksrrk.default-1398267199374
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Homepage: hxxp://www.nba.tv/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-10-30]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-29] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [238328 2009-12-04] (WildTangent, Inc.)
R2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [189808 2010-04-07] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-06] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2010-02-24] (TOSHIBA Corporation)
R2 UNS; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FTDIBUS; C:\windows\System32\drivers\ftdibus.sys [57536 2009-06-03] (FTDI Ltd.)
R3 hidshim; C:\windows\System32\DRIVERS\hidshim.sys [5632 2009-09-01] (Windows (R) Win 7 DDK provider)
S3 KMWDFilter; C:\windows\System32\Drivers\KMWDFilter.SYS [17024 2008-03-22] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 KMWDFILTERx86; C:\windows\System32\DRIVERS\KMWDFILTER.sys [17024 2008-03-22] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 mod7700; C:\windows\System32\Drivers\dvb7700all.sys [626688 2009-06-12] (DiBcom)
R3 nuvotonhidcir; C:\windows\System32\DRIVERS\nuvotonhidcir.sys [23040 2009-09-01] (Nuvoton Technology Corporation)
R3 nuvotonir; C:\windows\System32\DRIVERS\nuvotonir.sys [67072 2009-09-01] (Nuvoton Technology Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R2 risdpcie; C:\windows\System32\DRIVERS\risdpe86.sys [48128 2009-11-28] (REDC)
R2 rixdpcie; C:\windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-05] (REDC)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 11:05 - 2014-11-05 11:08 - 00017202 _____ () C:\Users\Joe\Downloads\FRST.txt
2014-11-05 11:03 - 2014-11-05 11:06 - 00000000 ____D () C:\FRST
2014-11-05 11:01 - 2014-11-05 11:01 - 01106432 _____ (Farbar) C:\Users\Joe\Downloads\FRST.exe
2014-11-04 07:56 - 2014-11-04 07:56 - 02347384 _____ (ESET) C:\Users\Joe\Downloads\esetsmartinstaller_enu(1).exe
2014-11-04 07:46 - 2014-11-04 07:47 - 00555272 _____ () C:\windows\Minidump\110414-34913-01.dmp
2014-11-03 09:39 - 2014-11-03 09:39 - 00000000 ____D () C:\Program Files\ESET
2014-11-03 09:35 - 2014-11-03 09:36 - 02347384 _____ (ESET) C:\Users\Joe\Downloads\esetsmartinstaller_enu.exe
2014-11-03 09:29 - 2014-11-03 09:29 - 00000000 ____D () C:\ProgramData\Sun
2014-11-03 09:29 - 2014-11-03 09:29 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-03 09:20 - 2014-11-03 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-03 09:20 - 2014-11-03 09:19 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-11-03 09:18 - 2014-11-03 09:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-03 09:14 - 2014-11-03 09:14 - 29727656 _____ (Oracle Corporation) C:\Users\Joe\Downloads\jre-8u25-windows-i586.exe
2014-11-03 09:12 - 2014-11-03 09:12 - 00638376 _____ (Oracle Corporation) C:\Users\Joe\Downloads\jre-8u25-windows-i586-iftw.exe
2014-11-02 16:46 - 2014-11-05 08:22 - 00001356 _____ () C:\Users\Joe\Desktop\latest-mbam.txt
2014-11-02 15:35 - 2014-11-02 15:35 - 00000350 _____ () C:\malware latest.txt
2014-11-02 15:34 - 2014-11-02 15:34 - 00000350 _____ () C:\rootkit latest.txt
2014-11-02 15:25 - 2014-11-02 15:25 - 00553584 _____ () C:\windows\Minidump\110214-31184-01.dmp
2014-11-02 10:42 - 2014-11-04 19:19 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 10:41 - 2014-11-02 10:41 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 10:41 - 2014-11-02 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 10:40 - 2014-11-02 10:41 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-02 10:40 - 2014-11-02 10:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 10:40 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-02 10:40 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-02 10:40 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-02 10:38 - 2014-11-04 02:57 - 00000000 ____D () C:\Program Files\f552dd4c52e3
2014-11-02 10:38 - 2014-11-02 10:47 - 00000000 ____D () C:\Program Files\0ca45c95134d
2014-11-02 10:37 - 2014-11-02 10:37 - 00000000 ____D () C:\Program Files\predm
2014-11-02 10:34 - 2014-11-02 10:34 - 00000000 ____D () C:\Users\Joe\Documents\Optimizer Pro
2014-11-02 10:33 - 2014-11-02 10:33 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-11-02 10:31 - 2014-11-02 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-11-02 10:26 - 2014-11-02 10:26 - 00000000 ____D () C:\ProgramData\Kromtech
2014-11-02 10:08 - 2014-11-02 10:08 - 00002127 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-11-02 10:08 - 2014-11-02 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-11-02 10:04 - 2014-11-02 10:06 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-11-02 10:03 - 2014-11-02 10:03 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-11-02 10:01 - 2014-11-02 10:01 - 08461968 _____ (McAfee, Inc.) C:\Users\Joe\Downloads\SecurityScan_Release.exe
2014-10-30 18:38 - 2014-10-30 18:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-29 09:48 - 2014-11-04 07:46 - 409224626 _____ () C:\windows\MEMORY.DMP
2014-10-29 09:48 - 2014-11-04 07:46 - 00000000 ____D () C:\windows\Minidump
2014-10-29 09:48 - 2014-10-29 09:48 - 00131072 _____ () C:\windows\Minidump\102914-37065-01.dmp
2014-10-29 09:32 - 2014-10-29 09:32 - 00370943 _____ () C:\Users\Joe\Downloads\gmer.zip
2014-10-29 09:10 - 2014-10-29 09:10 - 00688992 ____R (Swearware) C:\Users\Joe\Downloads\dds.scr
2014-10-22 19:41 - 2014-10-22 19:41 - 01054912 _____ (Adobe) C:\Users\Joe\Downloads\install_flashplayer15x32au_ltr5x32d_awc_aih.exe
2014-10-18 11:01 - 2014-10-07 10:04 - 00331448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-18 11:01 - 2014-09-26 06:46 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-18 11:01 - 2014-09-26 06:46 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-18 11:01 - 2014-09-26 06:46 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-18 11:01 - 2014-09-26 06:43 - 11807232 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-18 11:01 - 2014-09-26 06:32 - 02017280 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-18 11:01 - 2014-09-19 09:44 - 17484800 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-18 11:01 - 2014-09-19 09:25 - 04201472 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-18 11:01 - 2014-09-19 09:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-18 11:01 - 2014-09-19 09:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-18 11:01 - 2014-09-19 09:02 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-18 11:01 - 2014-09-19 09:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-18 11:01 - 2014-09-19 09:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-18 11:01 - 2014-09-19 08:59 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-18 11:01 - 2014-09-19 08:55 - 02187264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-18 11:01 - 2014-09-19 08:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-18 11:01 - 2014-09-19 08:53 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-18 11:01 - 2014-09-19 08:51 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-18 11:01 - 2014-09-19 08:50 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-18 11:01 - 2014-09-19 08:50 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-18 11:01 - 2014-09-19 08:49 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-18 11:01 - 2014-09-19 08:44 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-18 11:01 - 2014-09-19 08:36 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-18 11:01 - 2014-09-19 08:32 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-18 11:01 - 2014-09-19 08:20 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-18 11:01 - 2014-09-19 08:20 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-18 11:01 - 2014-09-19 08:18 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-18 11:01 - 2014-09-19 07:59 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-18 11:01 - 2014-09-19 07:53 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-18 11:01 - 2014-09-19 07:52 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-18 10:58 - 2014-10-10 09:44 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-18 10:58 - 2014-10-10 09:44 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-18 10:58 - 2014-10-10 09:39 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-18 10:45 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-18 10:44 - 2014-07-17 09:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-18 10:44 - 2014-07-17 09:39 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-18 10:44 - 2014-07-17 09:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-18 10:44 - 2014-07-17 09:39 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-18 10:44 - 2014-07-17 09:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-18 10:44 - 2014-07-17 09:39 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-10-18 10:44 - 2014-07-17 09:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-18 10:44 - 2014-07-17 09:39 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-18 10:44 - 2014-07-17 09:39 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-18 10:44 - 2014-07-17 09:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-18 10:44 - 2014-07-17 09:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-18 10:42 - 2014-09-29 08:41 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-18 10:42 - 2014-09-13 09:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-18 10:39 - 2014-09-18 09:32 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-18 10:39 - 2014-06-19 06:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-18 10:39 - 2014-06-19 06:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-18 10:39 - 2014-06-19 06:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-12 10:35 - 2014-10-30 13:42 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 11:00 - 2010-07-16 06:42 - 01293825 _____ () C:\windows\WindowsUpdate.log
2014-11-05 10:59 - 2012-04-09 13:35 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 08:37 - 2009-07-14 12:39 - 00167804 _____ () C:\windows\setupact.log
2014-11-04 17:04 - 2009-07-14 12:34 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 17:04 - 2009-07-14 12:34 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 16:52 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-03 09:19 - 2010-04-19 13:19 - 00272296 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-11-03 09:19 - 2010-04-19 13:19 - 00176552 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-11-03 09:19 - 2010-04-19 13:19 - 00176552 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-11-03 09:18 - 2010-04-19 13:18 - 00000000 ____D () C:\Program Files\Java
2014-11-03 09:05 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF
2014-11-02 10:57 - 2011-05-03 21:48 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-02 10:57 - 2011-05-03 21:48 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-02 10:57 - 2010-12-01 01:55 - 00001424 _____ () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-02 10:36 - 2011-01-28 20:32 - 00000000 ____D () C:\Users\Joe\AppData\Local\CrashDumps
2014-11-02 09:56 - 2012-05-06 19:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-30 13:38 - 2012-04-09 13:35 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-10-30 13:38 - 2011-05-27 21:53 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-29 09:56 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Joe\Desktop\gmer.exe
2014-10-28 06:35 - 2010-12-25 18:02 - 00229000 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-21 20:05 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache
2014-10-21 19:31 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-10-21 19:13 - 2009-07-14 12:33 - 00430448 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-21 19:10 - 2010-07-16 06:53 - 00658124 _____ () C:\windows\PFRO.log
2014-10-21 19:04 - 2014-05-07 13:51 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-19 16:47 - 2010-07-16 07:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 10:59 - 2013-08-30 16:49 - 00000000 ____D () C:\windows\system32\MRT
2014-10-18 10:23 - 2011-03-13 14:56 - 100290944 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\104630CE-A29A-07FE-EA56-0A24EAF73328.dll
C:\Users\Joe\AppData\Local\Temp\104630CE-A29A-07FE-EA56-0A24EAF73328.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-18 12:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by Joe at 2014-11-05 11:09:00
Running from C:\Users\Joe\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 9.5.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (Version: 2.2.0.82 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.12(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Chuzzle Deluxe (Version: 2.2.0.82 - WildTangent) Hidden
Corel WinDVD (HKLM\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.349 - Corel Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (Version: 7.0.0 - Corel Corporation) Hidden
Escape Rosecliff Island (Version: 2.2.0.82 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FATE - The Traitor Soul (Version: 2.2.0.82 - WildTangent) Hidden
Final Drive Nitro (Version: 2.2.0.82 - WildTangent) Hidden
HDMI Control Manager (HKLM\...\{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}) (Version: 2.0 - TOSHIBA CORPORATION)
iCloud (HKLM\...\{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}) (Version: 1.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest 3 (Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mamba Firmware Updater 1.13 (HKLM\...\{6C6ED584-9F75-4235-8718-1F35B59814E8}) (Version: 1.13.00 - Razer USA Ltd.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (Version: 17.5.0.127 - Symantec Corporation) Hidden
Nuvoton CIR Device Drivers (HKLM\...\{FBC79D04-051E-4367-8051-1DB0C893FBE0}) (Version: 8.60.2002 - Nuvoton Technology Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Penguins! (Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (Version: 2.2.0.82 - WildTangent) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Razer Mamba (HKLM\...\{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}) (Version: 2.01.05 - Razer USA Ltd.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6062 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RICOH R5U230 Media Driver ver.2.08.03.03 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.08.03.03 - RICOH)
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.13 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}) (Version: 1.6.07.32 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.2.11.0 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.80.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}) (Version: 1.6.06.32 - TOSHIBA Corporation)
TOSHIBA Remote Control Manager (HKLM\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.1.0 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.3.6 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Virtual Villagers - The Secret City (Version: 2.2.0.82 - WildTangent) Hidden
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent ORB Game Console (Version: - WildTangent) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Zuma's Revenge (Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1967268300-1953964472-619797983-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1967268300-1953964472-619797983-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1967268300-1953964472-619797983-1004_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1967268300-1953964472-619797983-1004_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1967268300-1953964472-619797983-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1967268300-1953964472-619797983-1004_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {49D134A5-82B7-4220-BDBD-2E7DE2ECBF16} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {5F43F6B8-0B87-49E4-A569-8FB36B514A85} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-30] (Adobe Systems Incorporated)
Task: {801440D9-1827-400A-83C4-7B37F1F19767} - System32\Tasks\{8B8449F7-D326-44B5-8EF7-BE8306600A73} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {8C392AAB-C81F-4B44-B097-D7FD7B420F79} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-23] (TOSHIBA CORPORATION)
Task: {995E7592-EB47-4670-A07F-5F303991F8E6} - \NewPlayer Update No Task File <==== ATTENTION
Task: {A3B39B23-0316-4A5A-B4D8-380BD360009C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 08783160 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-04 04:26 - 2009-11-04 04:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-04-19 13:21 - 2009-06-23 06:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-13 10:08 - 2009-03-13 10:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-26 02:07 - 2009-07-26 02:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-30 06:35 - 2009-07-30 06:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2010-03-24 10:25 - 2010-03-24 10:25 - 00427320 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-02-06 08:40 - 2010-02-06 08:40 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-10-30 18:38 - 2014-10-30 18:38 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1967268300-1953964472-619797983-500 - Administrator - Disabled)
Guest (S-1-5-21-1967268300-1953964472-619797983-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1967268300-1953964472-619797983-1006 - Limited - Enabled)
Joe (S-1-5-21-1967268300-1953964472-619797983-1004 - Administrator - Enabled) => C:\Users\Joe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2014 08:41:58 AM) (Source: VSS) (EventID: 12344) (User: )
Description: Volume Shadow Copy Error: An error 0x00000000c000014d was encountered while Registry Writer was preparing the registry for a shadow
copy. Check the Application and System event logs for any related errors.


Operation:
OnFreeze event
Freeze Event

Context:
Execution Context: Registry Writer
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {b1cb0da2-9539-4378-97a5-aa3a7aabd9db}

Error: (11/05/2014 06:12:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (11/05/2014 06:12:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (11/05/2014 06:12:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/05/2014 05:20:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31184

Error: (11/05/2014 05:20:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31184

Error: (11/05/2014 05:20:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/05/2014 05:20:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (11/05/2014 05:20:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (11/05/2014 05:20:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/05/2014 08:43:53 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (11/04/2014 07:30:47 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\000000a0CMDre 00000002 00000080 00000000 00000005 0000000b

Error: (11/04/2014 07:30:47 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\000000a0CMDre 00000002 00000810 ffffcffc 00000004 00000084

Error: (11/04/2014 07:30:46 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\000000a0CMDre 00000002 00000080 00000000 00000005 0000000b

Error: (11/04/2014 07:30:46 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\000000a0CMDre 00000002 00000810 ffffcffc 00000004 00000084

Error: (11/04/2014 04:54:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Rapid Storage Technology service failed to start due to the following error: 
%%1053

Error: (11/04/2014 04:54:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.

Error: (11/04/2014 04:48:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.

Error: (11/04/2014 00:26:32 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/04/2014 07:47:41 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x85cbf028, 0x83543ae0, 0x8687dca0)C:\windows\MEMORY.DMP110414-34913-01


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-11-08 21:47:50.330
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-08 21:47:50.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-08 21:47:50.008
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-08 21:47:49.773
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-22 18:44:50.266
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-22 18:44:50.094
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-22 18:44:49.793
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-22 18:44:49.727
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-22 18:44:49.647
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-22 18:44:49.504
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 43%
Total physical RAM: 3000.43 MB
Available physical RAM: 1706.22 MB
Total Pagefile: 5999.14 MB
Available Pagefile: 4606.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.95 MB

==================== Drives ================================

Drive c: (S3A5860D001) (Fixed) (Total:685.27 GB) (Free:640.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 96023752)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=685.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=17)

==================== End Of Log ============================


----------



## jwdrums0

^^ I'm seeing all these games installed by Wild Tangent in the addition.txt file under 'installed programs'. I know nothing about those; can we get rid of them all?


----------



## DrDOS

jwdrums0,

Thanks for those logs. 



> I'm seeing all these games installed by Wild Tangent in the addition.txt file under 'installed programs'. I know nothing about those; can we get rid of them all?


Yes. They should be in your Control Panel and were probably installed by your vendor. See Toshiba bloatware.



Download attached *fixlist.txt* file and save it to the Desktop.

*NOTE.* It's important that both files, *FRST/FRST64* and *fixlist.txt* are in the same location or the fix will not work.

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Run *FRST/FRST64* and press the *Fix* button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. 
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


----------



## jwdrums0

Thanks Drew; here they are-


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-11-2014
Ran by Joe at 2014-11-08 14:05:38 Run:1
Running from C:\Users\Joe\Downloads
Loaded Profile: Joe (Available profiles: Joe)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
Task: {49D134A5-82B7-4220-BDBD-2E7DE2ECBF16} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {995E7592-EB47-4670-A07F-5F303991F8E6} - \NewPlayer Update No Task File <==== ATTENTION
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
2014-11-02 10:38 - 2014-11-04 02:57 - 00000000 ____D () C:\Program Files\f552dd4c52e3
2014-11-02 10:38 - 2014-11-02 10:47 - 00000000 ____D () C:\Program Files\0ca45c95134d
2014-11-02 10:37 - 2014-11-02 10:37 - 00000000 ____D () C:\Program Files\predm
2014-11-02 10:34 - 2014-11-02 10:34 - 00000000 ____D () C:\Users\Joe\Documents\Optimizer Pro
C:\Users\Joe\AppData\Local\Temp\104630CE-A29A-07FE-EA56-0A24EAF73328.dll
C:\Users\Joe\AppData\Local\Temp\104630CE-A29A-07FE-EA56-0A24EAF73328.exe
end

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49D134A5-82B7-4220-BDBD-2E7DE2ECBF16}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49D134A5-82B7-4220-BDBD-2E7DE2ECBF16}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{995E7592-EB47-4670-A07F-5F303991F8E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{995E7592-EB47-4670-A07F-5F303991F8E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NewPlayer Update" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Program Files\f552dd4c52e3 => Moved successfully.
C:\Program Files\0ca45c95134d => Moved successfully.
C:\Program Files\predm => Moved successfully.
C:\Users\Joe\Documents\Optimizer Pro => Moved successfully.
C:\Users\Joe\AppData\Local\Temp\104630CE-A29A-07FE-EA56-0A24EAF73328.dll => Moved successfully.
C:\Users\Joe\AppData\Local\Temp\104630CE-A29A-07FE-EA56-0A24EAF73328.exe => Moved successfully.

==== End of Fixlog ====


----------



## DrDOS

jwdrums0,

Thanks again for that log.

How are things now, and what symptoms remain?


----------



## jwdrums0

Hi Drew,

Thanks for writing that fixlist for me! It has helped for sure.

The PC is running slightly better, but is still very slow to boot up...A restart takes around 8 min...when timing just the bootup from scratch it takes around 3.45. I remember it booting much faster than this before. 

The Apple-related ubd.exe error message on startup, I have side-stepped by de-selecting the 'Apple push' and 'iTunes' checkboxes in msconfig-->startup. So that's out of sight and mind for now.

Flash Player is the key component I wish ran properly. After running the FRST fix that you gave me it _is_ improved, but I still get the 'Unresponsive script' popup after I fullscreen a video, which prompts me to choose to either continue or stop the script which then crashes Flash. It also automatically escapes out of full screen mode. The video I stream is both YouTube and NBA.tv which is the American basketball subscription service. This was the primary purpose for me buying the computer, and FYI I am running the HDMI output of the laptop into my Denon receiver and on to two TVs which act as monitors. I mention this in an effort to give you as much detail as I can. Flash is updated regularly and has been the whole time I've been using it.

Those WildTangent games I asked about before were indeed easy to uninstall so I did that. Just because I had never seen them before, and their titles led me to think they might have been spyware or something. 

So, where to from here? 

Thanks again


----------



## DrDOS

jwdrums0,



> It has helped for sure.


Good to hear.


Please run this online scan again.


Go *here* to run an online scanner from ESET.

*Note:* For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

- Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
- Click the blue Run ESET Online Scanner button
- Tick the box next to *YES, I accept the Terms of Use.*
- Click *Start*
- When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
- Once the activex control is installed, on the next screen click on *Enable detection of potentially unwanted applications*
- Click on *Advanced Settings*
- Make sure that the option *Remove found threats* is *unticked*.
- Ensure these options are ticked:
  - *Scan archives*
  - *Scan for potentially unsafe applications*
  - *Enable Anti-Stealth Technology*
- Click *Start*
- Wait for the scan to finish
- When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
- Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
- Close the ESET online scan, and let me know how things are now.


Since it took so darned long for you before, conduct the ESET scan from Safe Mode with Networking. Do not do anything else while the scan is running.


----------



## jwdrums0

G'day Drew,

OK, we had a good run with the ESET scan this time. I have a list of the 5 files it found, so it feels great to know I'm hopefully getting somewhere here 

Here they are:

C:\FRST\Quarantine\C\Program Files\0ca45c95134d\5596b4e010aa.exe	a variant of Win32/Adware.Salus.B application
C:\FRST\Quarantine\C\Program Files\0ca45c95134d\cf3e08d747e4.exe	a variant of Win32/Adware.Salus.B application
C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNT4570R\salus_1_0_0_1[1].exe	Win32/Adware.Salus.C application
C:\Users\Joe\AppData\Local\Temp\FC97tmp\salus_1_0_0_1.exe	Win32/Adware.Salus.C application
C:\Users\Joe\AppData\Local\Temp\nseF3E.tmp\ConsoleLauncher.exe	a variant of Win32/Adware.Salus.B application


Thank you sir  --Joe


----------



## DrDOS

jwdrums0,

We can delete those three files by doing the following.

Download the attached *fixlist.txt* file (like you did before) and save it to the Desktop.

*NOTE.* It's important that both files, *FRST/FRST64* and *fixlist.txt*, are in the same location or the fix will not work.

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Run *FRST/FRST64* and press the *Fix* button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. 
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


The first two files are essentially "inert", and will be deleted soon.

How is the machine behaving now?


----------



## jwdrums0

Hi Drew,

I quickly ran the scan and am attaching the fixlog for your perusal now.

I need to run out of the house for a few hours so I will report back with the system's performance after I return and have a little spare time.

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014
Ran by Joe at 2014-11-12 09:02:58 Run:2
Running from C:\Program Files
Loaded Profile: Joe (Available profiles: Joe)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
EmptyTemp:
end

*****************

EmptyTemp: => Removed 825.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Thank you again, --Joe
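An added example, not part of the thread and not code from ESET or FRST: a short triage of the five ESET detections posted above, sorting them by where the file sits. It shows why the fixlist needed only `EmptyTemp:`: two hits are copies already under `C:\FRST\Quarantine`, and the other three are in temp and cache folders. The bucket names and the path<TAB>detection line format are assumptions based on the log as posted.

```python
import re

# The five detections posted in the thread, rebuilt as path<TAB>detection lines.
SAMPLE_LOG = "\n".join(path + "\t" + det for path, det in [
    (r"C:\FRST\Quarantine\C\Program Files\0ca45c95134d\5596b4e010aa.exe",
     "a variant of Win32/Adware.Salus.B application"),
    (r"C:\FRST\Quarantine\C\Program Files\0ca45c95134d\cf3e08d747e4.exe",
     "a variant of Win32/Adware.Salus.B application"),
    (r"C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files"
     r"\Content.IE5\CNT4570R\salus_1_0_0_1[1].exe",
     "Win32/Adware.Salus.C application"),
    (r"C:\Users\Joe\AppData\Local\Temp\FC97tmp\salus_1_0_0_1.exe",
     "Win32/Adware.Salus.C application"),
    (r"C:\Users\Joe\AppData\Local\Temp\nseF3E.tmp\ConsoleLauncher.exe",
     "a variant of Win32/Adware.Salus.B application"),
])

# Location buckets, checked in order (assumed labels, not ESET or FRST terms).
BUCKETS = [
    ("quarantined", re.compile(r"^[a-z]:\\frst\\quarantine\\")),
    ("browser-cache", re.compile(r"\\temporary internet files\\")),
    ("user-temp", re.compile(r"\\appdata\\local\\temp\\")),
]

def triage(log_text):
    """Parse 'path<TAB>detection' lines into dicts with a location bucket."""
    hits = []
    for line in log_text.splitlines():
        parts = re.split(r"\t+|\s{2,}", line.strip(), maxsplit=1)
        if len(parts) != 2:
            continue  # skip blank lines and anything that is not a detection
        path, detection = parts
        # Strip ESET's wording around the signature name.
        sig = re.sub(r"^a variant of\s+|\s+application$", "", detection)
        where = next((n for n, rx in BUCKETS if rx.search(path.lower())), "live")
        hits.append({"path": path, "signature": sig, "where": where,
                     "variant": detection.startswith("a variant of")})
    return hits

def live_hits(hits):
    """Detections outside quarantine and temp/cache: these need a targeted fix."""
    return [h for h in hits if h["where"] == "live"]

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    print([(h["where"], h["signature"]) for h in hits], len(live_hits(hits)))
```

Any detection that lands in the `live` bucket sits outside quarantine and the temp folders, so clearing temporary data would not remove it.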


----------



## jwdrums0

OK, the laptop is running much better now. Flash Player is better, although it still hangs up from time to time with the 'Unresponsive Plugin' popup...but it has stopped auto-exiting full screen mode now. This is the smoothest it has run in months and months.

Boot up time is around 3 min from power on to a populated desktop. 
Can this be any better?


----------



## DrDOS

jwdrums0,

Regarding speeding up your boot time, you'd be better served seeking advice from our Experts over in the Windows 7 Support, Windows Vista Support. Post in there.

Look at Safe Mode and hibernate vs sleep.



> the laptop is running much better now. Flash Player is better, although it still hangs up from time to time with the 'Unresponsive Plugin' popup...but it has stopped auto-exiting full screen mode now. This is the smoothest it has run in months and months.


Good to hear. You might consider removing Flash Player in Control Panel, rebooting, and reinstalling Flash Player again. This may have no effect and you'll just have to wait for a patch/fix from Apple, regardless.


*All your logs are now clean.*

You may delete any other remaining tools and/or their associated logs/folders (like C:\FRST) from the desktop/or where you ran them from: simply right-click and delete.

Now that your system is clean, it is recommended that you update your Operating System to close any vulnerabilities and help make your system more secure against attack. You should visit Windows Updates and download any required patches for your system.

To help protect your computer in the future I recommend that you read the following articles:

Staying Safe on the Internet
Making Internet Explorer Safer.
Think Prevention!

Some further reading: Disable Java in browsers

Please ensure you have an Anti Virus installed and updated regularly as well as a firewall to block intrusion attempts. For additional protection, I would suggest using a Hosts file that blocks access to thousands of known bad sites. Full details can be found in the link below:

MVPS Hosts file

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:



*AdblockPlus* from here

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
Click the icon that corresponds to your browser and download.


Download and install Secunia Personal Software Inspector (PSI): Free Computer Security - Personal Software Inspector (PSI) - Secunia. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.


SpywareBlaster to help prevent spyware from installing in the first place.
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items. Check for updates weekly.


*WOT* from here. 

Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an add on available for both Firefox and IE.


*Winpatrol*

A heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

You can get a free copy of Winpatrol or use the Plus version for more features.

You can read Winpatrol's FAQ if you run into problems.


*MVPS HOST FILE*

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.


*ANTIVIRUS SOFTWARE*

It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Do not install more than one AntiVirus program because they will conflict with each other.


*IM* from here or here.

Trillian or Miranda-IM are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


*ERUNT* from here. A useful freeware utility for users of Windows 2000/XP/7/Vista. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders and disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


*Passwords*

Tired of having to remember many passwords for many sites? Or falling into the lowered security habit of using the same password wherever you go on the internet? Kick that habit with the free program KeePass, which will remember all those usernames and passwords for you. Just remember one master password and let the program remember the rest. Get the latest version and enjoy!


*Hardware/Software Inventory*

The Belarc Advisor displays a detailed profile of your installed software and hardware, network inventory, missing Microsoft hotfixes, anti-virus status, security benchmarks, and displays all the results in your Web browser. The *Belarc Advisor* is licensed for personal use only and is not permitted to be used for any commercial or government purposes.

Prevention


*Please respond to this thread one more time so we can mark this thread as resolved.*


----------



## jwdrums0

Hi Drew,

Thank you for your time and attention and for helping me cleanse my PC of any threats. I am experiencing some major hangups with my Firefox and video playback, but I will start a new post out of the Virus/Malware/Spyware forum seeing as my logs are now clean.

Kind regards, --Joe


----------

