Jump to content


Photo

Excessive CPU usage, running slow, need clean up!


  • This topic is locked This topic is locked
10 replies to this topic

#1 errantVOL

errantVOL

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 28 April 2014 - 09:53 PM

My cpu and memory seem to be constantly running at near 100% usage. Also seem to have excessive heat and fan usage. Please help!

 

 

 

 Results of screen317's Security Check version 0.99.82  
 Windows Vista Service Pack 1 x86 (UAC is enabled)  
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player 9 Flash Player out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     13.0.0.206  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````  
 McAfee VirusScan Enterprise Mcshield.exe  
 McAfee VirusScan Enterprise VsTskMgr.exe  
 McAfee VirusScan Enterprise shstat.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 10.45.2
Run by Windows Vista at 23:34:36 on 2014-04-28
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3030.865 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Windows Vista\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uProxyServer = :0
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\ScriptCl.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Facebook Update] "c:\users\windows vista\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [OA001Cfg.exe] OA001Cfg.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\window~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\window~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\windows vista\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-System: dontdisplaylastusername = 1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: bxwa.com
Trusted Zone: bxwa.com
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1D9A7320-9C14-404F-A9C4-ADE7618171AA} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4C091BA3-F66C-4CA1-B0CC-1207E6F98DAA} : DHCPNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\windows vista\appdata\roaming\mozilla\firefox\profiles\lk6a2jqu.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\windows vista\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_182.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
FF - ExtSQL: !HIDDEN! 2009-07-02 21:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-10-6 31816]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-21 112128]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-4-21 203264]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-4-27 72904]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-4-27 34344]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-4-27 177672]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-4-21 133472]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-4-21 279488]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-9-15 23936]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
.
=============== Created Last 30 ================
.
2014-04-24 22:36:59    119408    ----a-w-    c:\program files\mozilla firefox\maintenanceservice.exe
2014-04-24 22:36:58    647280    ----a-w-    c:\program files\mozilla firefox\libGLESv2.dll
2014-04-24 22:36:58    53360    ----a-w-    c:\program files\mozilla firefox\libEGL.dll
2014-04-24 22:36:57    5779568    ----a-w-    c:\program files\mozilla firefox\gkmedias.dll
2014-04-24 22:36:57    307824    ----a-w-    c:\program files\mozilla firefox\freebl3.dll
2014-04-24 22:36:56    275568    ----a-w-    c:\program files\mozilla firefox\firefox.exe
2014-04-24 22:36:41    352256    ---ha-w-    c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
2014-04-24 22:36:24    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-04-24 22:36:23    117360    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2014-04-24 22:36:20    46704    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-04-24 22:36:19    75376    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2014-04-24 22:36:19    20080    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-04-22 13:53:30    --------    d-----w-    c:\program files\McAfee Security Scan
2014-04-22 13:10:35    --------    d-----w-    c:\programdata\McAfee Security Scan
2014-03-30 04:29:54    --------    d-----w-    c:\users\windows vista\appdata\local\Intuit
2014-03-30 04:21:59    3833856    ----a-w-    c:\windows\system32\cdintf300.dll
2014-03-30 04:14:37    --------    d-----w-    c:\program files\common files\Intuit
2014-03-30 04:14:35    --------    d-----w-    c:\programdata\Intuit
2014-03-30 04:14:35    --------    d-----w-    c:\program files\Intuit
2014-03-30 04:09:22    --------    d-----w-    c:\programdata\COMMON FILES
2014-03-30 04:01:29    --------    d-----w-    c:\program files\Akamai
.
==================== Find3M  ====================
.
2014-04-28 19:34:38    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-28 19:34:38    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 23:36:04.94 ===============
 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.22.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Windows Vista :: WINDOWSVISTA-PC [administrator]

4/22/2014 12:06:42 PM
mbam-log-2014-04-22 (12-06-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 249787
Time elapsed: 15 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 29 April 2014 - 05:46 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your DDS log.
You need to update some programs as reported by the SecutityCheck tool. Will do that when you computer is back to normal.

I would suggest that you install the Microsoft Security Essential it's free and is better then the Windows Defender.
http://windows.micro...ntials-download
Run the tool when installed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 errantVOL

errantVOL

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 29 April 2014 - 10:30 AM

Hi nasdaq. Thanks for the help. I installed Microsoft Security Essentials as per your recommendation but it required me to remove my current antivirus software. From looking at these logs it seems some traces of McAfee are still remaining. How can we get rid of this?

 

 

# AdwCleaner v3.205 - Report created 29/04/2014 at 12:03:22
# Updated 28/04/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : Windows Vista - WINDOWSVISTA-PC
# Running from : C:\Users\Windows Vista\Downloads\Cleaners\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\tuguu sl

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\tuguu sl
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV

Player
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App

Management\ARPCache\FLV Player

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Windows

Vista\AppData\Roaming\Mozilla\Firefox\Profiles\lk6a2jqu.default\prefs.js ]

Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

*************************

AdwCleaner[R0].txt - [1142 octets] - [29/04/2014 12:00:04]
AdwCleaner[S0].txt - [1081 octets] - [29/04/2014 12:03:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1141 octets] ##########

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2014
Ran by Windows Vista (administrator) on WINDOWSVISTA-PC on 29-04-2014 12:11:23
Running from C:\Users\Windows Vista\Downloads\Cleaners
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dropbox, Inc.) C:\Users\Windows Vista\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\gs_agent\dsc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-01-30] (SupportSoft, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [136512 2008-03-14] (McAfee, Inc.)
HKLM\...\Run: [OA001Cfg.exe] => C:\Windows\OA001Cfg.exe [32768 2009-01-19] (Creative Technology Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-22] (IDT, Inc.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-235758290-2098719861-1985192771-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-235758290-2098719861-1985192771-1000\...\Run: [Facebook Update] => C:\Users\Windows Vista\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-235758290-2098719861-1985192771-1000\...\Policies\Explorer: [NoSMMyDocs] 0
HKU\S-1-5-21-235758290-2098719861-1985192771-1000\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-235758290-2098719861-1985192771-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-235758290-2098719861-1985192771-1000\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-235758290-2098719861-1985192771-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-235758290-2098719861-1985192771-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-235758290-2098719861-1985192771-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-235758290-2098719861-1985192771-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-235758290-2098719861-1985192771-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Windows Vista\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Windows Vista\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Windows Vista\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - ComcastSearch URL = http://search.comcas...cat=Web&con=ie7
SearchScopes: HKCU - ComcastSearch URL = http://search.comcas...cat=Web&con=ie7
SearchScopes: HKCU - {4BEFA0F1-E998-42E3-918B-90E2AA1D9666} URL = http://www.google.co...age={startPage}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Windows Vista\AppData\Roaming\Mozilla\Firefox\Profiles\lk6a2jqu.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Windows Vista\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Extension: Garmin Communicator - C:\Users\Windows Vista\AppData\Roaming\Mozilla\Firefox\Profiles\lk6a2jqu.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}(73) [2011-12-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Windows Vista\AppData\Roaming\Mozilla\Firefox\Profiles\lk6a2jqu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-10]
FF Extension: The Browser Highlighter - C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com [2014-04-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-22] (Andrea Electronics Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [103744 2008-03-14] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-22] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-07-28] (ITE Tech. Inc. )
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23936 2009-09-15] (Motorola)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133472 2009-01-19] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [279488 2009-01-19] (Creative Technology Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\WINDOW~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 Messenger;
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-29 12:10 - 2014-04-29 12:11 - 00000000 ____D () C:\FRST
2014-04-29 12:09 - 2014-04-29 12:09 - 00001221 _____ () C:\Users\Windows Vista\Desktop\AdwCleaner[S0].txt
2014-04-29 12:01 - 2014-04-29 12:01 - 00001142 _____ () C:\Users\Windows Vista\Desktop\AdwCleaner[R0].txt
2014-04-29 11:59 - 2014-04-29 12:03 - 00000000 ____D () C:\AdwCleaner
2014-04-29 11:12 - 2014-04-29 11:12 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-29 11:10 - 2014-04-29 11:12 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-29 10:54 - 2014-04-29 11:13 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-04-29 10:54 - 2014-04-29 10:54 - 00001774 _____ () C:\Users\Windows Vista\Desktop\instructions.txt
2014-04-29 10:37 - 2014-04-22 09:53 - 00000426 _____ () C:\AVScanner.ini
2014-04-29 10:14 - 2014-04-29 10:14 - 11241816 _____ (Microsoft Corporation) C:\Users\Windows Vista\Downloads\mseinstall.exe
2014-04-29 00:05 - 2014-04-29 00:05 - 00001296 _____ () C:\Users\Windows Vista\Desktop\checkup.txt
2014-04-28 23:36 - 2014-04-28 23:36 - 00015490 _____ () C:\Users\Windows Vista\Desktop\dds.txt
2014-04-28 23:36 - 2014-04-28 23:36 - 00011051 _____ () C:\Users\Windows Vista\Desktop\attach.txt
2014-04-28 23:34 - 2014-04-28 23:34 - 00688992 ____R (Swearware) C:\Users\Windows Vista\Downloads\dds.scr
2014-04-24 18:36 - 2014-04-24 18:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-07 09:44 - 2014-04-07 09:44 - 00318904 _____ (Microsoft Corporation) C:\Users\Windows Vista\Downloads\wmpfirefoxplugin.exe
2014-03-30 00:31 - 2014-03-30 00:31 - 00002048 _____ () C:\Users\Public\Desktop\QuickBooks Premier - Contractor Edition 2008.lnk
2014-03-30 00:29 - 2014-03-30 00:30 - 00000000 ____D () C:\Users\Windows Vista\AppData\Local\Intuit
2014-03-30 00:21 - 2014-03-30 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2014-03-30 00:21 - 2009-01-20 15:33 - 03833856 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\system32\cdintf300.dll
2014-03-30 00:14 - 2014-03-30 10:01 - 00000000 ____D () C:\ProgramData\Intuit
2014-03-30 00:14 - 2014-03-30 00:17 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2014-03-30 00:14 - 2014-03-30 00:14 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2014-03-30 00:14 - 2014-03-30 00:14 - 00000000 ____D () C:\Program Files\Intuit
2014-03-30 00:01 - 2014-03-30 00:01 - 00000794 _____ () C:\Users\Windows Vista\Desktop\Setup_QuickBooksPremier2008.lnk
2014-03-30 00:01 - 2014-03-30 00:01 - 00000000 ____D () C:\Program Files\Akamai

==================== One Month Modified Files and Folders =======

2014-04-29 12:12 - 2009-04-21 00:24 - 01295844 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 12:12 - 2006-11-02 06:33 - 00748622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 12:11 - 2014-04-29 12:10 - 00000000 ____D () C:\FRST
2014-04-29 12:11 - 2013-07-25 09:16 - 00000000 ____D () C:\Users\Windows Vista\Downloads\Cleaners
2014-04-29 12:09 - 2014-04-29 12:09 - 00001221 _____ () C:\Users\Windows Vista\Desktop\AdwCleaner[S0].txt
2014-04-29 12:08 - 2014-01-03 14:32 - 00000000 ___RD () C:\Users\Windows Vista\Dropbox
2014-04-29 12:08 - 2014-01-03 14:10 - 00000000 ____D () C:\Users\Windows Vista\AppData\Roaming\Dropbox
2014-04-29 12:07 - 2011-04-26 12:31 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 12:05 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 12:05 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 12:05 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 12:04 - 2008-01-20 22:47 - 00084326 _____ () C:\Windows\PFRO.log
2014-04-29 12:04 - 2006-11-02 09:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-29 12:03 - 2014-04-29 11:59 - 00000000 ____D () C:\AdwCleaner
2014-04-29 12:01 - 2014-04-29 12:01 - 00001142 _____ () C:\Users\Windows Vista\Desktop\AdwCleaner[R0].txt
2014-04-29 11:44 - 2011-04-26 12:31 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-29 11:35 - 2014-02-27 10:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 11:13 - 2014-04-29 10:54 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-04-29 11:13 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-29 11:12 - 2014-04-29 11:12 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-29 11:12 - 2014-04-29 11:10 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-29 10:57 - 2012-05-02 08:58 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-29 10:54 - 2014-04-29 10:54 - 00001774 _____ () C:\Users\Windows Vista\Desktop\instructions.txt
2014-04-29 10:39 - 2009-04-27 17:27 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-29 10:39 - 2009-04-27 17:27 - 00000000 ____D () C:\Program Files\McAfee
2014-04-29 10:31 - 2009-04-21 06:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-04-29 10:31 - 2009-04-21 06:24 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-29 10:14 - 2014-04-29 10:14 - 11241816 _____ (Microsoft Corporation) C:\Users\Windows Vista\Downloads\mseinstall.exe
2014-04-29 09:42 - 2012-05-14 18:32 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-235758290-2098719861-1985192771-1000UA.job
2014-04-29 00:05 - 2014-04-29 00:05 - 00001296 _____ () C:\Users\Windows Vista\Desktop\checkup.txt
2014-04-28 23:36 - 2014-04-28 23:36 - 00015490 _____ () C:\Users\Windows Vista\Desktop\dds.txt
2014-04-28 23:36 - 2014-04-28 23:36 - 00011051 _____ () C:\Users\Windows Vista\Desktop\attach.txt
2014-04-28 23:34 - 2014-04-28 23:34 - 00688992 ____R (Swearware) C:\Users\Windows Vista\Downloads\dds.scr
2014-04-28 23:27 - 2009-04-27 15:58 - 00000000 ____D () C:\Users\Windows Vista\AppData\Local\SupportSoft
2014-04-28 23:27 - 2009-04-21 06:16 - 00000000 ____D () C:\ProgramData\SupportSoft
2014-04-28 23:27 - 2009-04-21 06:15 - 00000000 ____D () C:\Program Files\Common Files\supportsoft
2014-04-28 23:05 - 2009-04-27 15:08 - 00000000 ____D () C:\Users\Windows Vista\AppData\Local\Adobe
2014-04-28 21:42 - 2012-05-14 18:32 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-235758290-2098719861-1985192771-1000Core.job
2014-04-28 18:07 - 2009-05-27 16:27 - 00000000 ____D () C:\Users\Windows Vista\AppData\Roaming\Skype
2014-04-28 15:34 - 2012-10-25 00:45 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-28 15:34 - 2011-06-21 15:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-28 14:26 - 2009-05-27 15:31 - 00000434 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{1BE0B09F-1051-4658-A455-1D212ED0DEA0}.job
2014-04-24 18:38 - 2014-04-24 18:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-23 17:48 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Windows Vista\gata
2014-04-22 11:39 - 2009-04-27 14:58 - 00000000 ____D () C:\Users\Windows Vista\AppData\Roaming\Adobe
2014-04-22 09:53 - 2014-04-29 10:37 - 00000426 _____ () C:\AVScanner.ini
2014-04-21 11:02 - 2011-01-20 16:19 - 00000000 ____D () C:\Users\Windows Vista\Desktop\buckner
2014-04-14 17:58 - 2012-03-21 21:33 - 00000000 ____D () C:\Users\Windows Vista\Desktop\OP research
2014-04-07 09:44 - 2014-04-07 09:44 - 00318904 _____ (Microsoft Corporation) C:\Users\Windows Vista\Downloads\wmpfirefoxplugin.exe
2014-03-30 11:50 - 2009-04-27 14:52 - 00108840 _____ () C:\Users\Windows Vista\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-30 10:05 - 2006-11-02 08:47 - 06317040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 10:01 - 2014-03-30 00:14 - 00000000 ____D () C:\ProgramData\Intuit
2014-03-30 00:31 - 2014-03-30 00:31 - 00002048 _____ () C:\Users\Public\Desktop\QuickBooks Premier - Contractor Edition 2008.lnk
2014-03-30 00:31 - 2014-03-30 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2014-03-30 00:30 - 2014-03-30 00:29 - 00000000 ____D () C:\Users\Windows Vista\AppData\Local\Intuit
2014-03-30 00:22 - 2009-04-27 14:51 - 00000000 ____D () C:\Users\Windows Vista
2014-03-30 00:17 - 2014-03-30 00:14 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2014-03-30 00:14 - 2014-03-30 00:14 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2014-03-30 00:14 - 2014-03-30 00:14 - 00000000 ____D () C:\Program Files\Intuit
2014-03-30 00:06 - 2012-03-02 09:19 - 00000000 ____D () C:\Users\Windows Vista\AppData\Roaming\Download Manager
2014-03-30 00:01 - 2014-03-30 00:01 - 00000794 _____ () C:\Users\Windows Vista\Desktop\Setup_QuickBooksPremier2008.lnk
2014-03-30 00:01 - 2014-03-30 00:01 - 00000000 ____D () C:\Program Files\Akamai

Files to move or delete:
====================
C:\ProgramData\2697064126.dat


Some content of TEMP:
====================
C:\Users\Windows Vista\AppData\Local\Temp\catchme.dll
C:\Users\Windows Vista\AppData\Local\Temp\ddk97.exe
C:\Users\Windows Vista\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\Windows Vista\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Windows Vista\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Windows Vista\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Windows Vista\AppData\Local\Temp\qbinstal.dll
C:\Users\Windows Vista\AppData\Local\Temp\Quarantine.exe
C:\Users\Windows Vista\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Windows Vista\AppData\Local\Temp\stlport_r50.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 12:10

==================== End Of Log ============================

Attached Files



#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 29 April 2014 - 12:00 PM


Download and run the McAfee's removal tool.
http://mcafee-removal-tool.com/
===

The program found by the AdwCleaner is not recommended.
Your call if you want to keep it.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
S3 catchme; \??\C:\Users\WINDOW~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 Messenger;
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]

End
Save the files as fixlist.txt in to the same folder as FRST

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u55.

You can manually check your present version and update as recommended.
https://www.java.com...d/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmic...java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.co...oads/index.html

How to disable Java in your browsers
http://www.infoworld...browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 45

===

Critical vulnerabilities have been identified in old version of Adobe Flash Player please get the latest version.

Flash test site:
http://www.adobe.com...re/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.c...on_your_machine

Remove these two old versions if still present.
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 10 Flash Player out of Date!

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Let me know if the problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 errantVOL

errantVOL

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 29 April 2014 - 08:27 PM

Had a scary moment there...something called McAfee Agent wouldnt uninstall so I attempted a manual uninstall via regedit...bad idea. Performed a system restore to a previous point and miraculously the uninstall and the removal tool worked.

Ive updated the 3rd party programs and have since disabled Java in all browsers.

 

I have noticed this problem now which I am encountering only on start up (see attachment) Note, I seldom use IE

 

 

Fix Log Below

 

 

 

29-04-2014
Ran by Windows Vista at 2014-04-29 20:02:21 Run:1
Running from C:\Users\Windows Vista\Downloads\Cleaners
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
S3 catchme; \??\C:\Users\WINDOW~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 Messenger;
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]

End
*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
Messenger => Service deleted successfully.
mferkdk => Service not found.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
PCD5SRVC{3F6A8B78-EC003E00-05040104} => Service deleted successfully.

==== End of Fixlog ====

Attached Files



#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 30 April 2014 - 06:29 AM

Try this let me know if the problem persists.

How to Reset Internet Explorer Settings (RIES)
http://support.microsoft.com/kb/923737

Restart IE to test the fix.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 errantVOL

errantVOL

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 30 April 2014 - 10:09 AM

Same problem. Note this error only appears on startup. What about deleting the URL file from the C:/ location?



#8 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 30 April 2014 - 12:01 PM

Same problem. Note this error only appears on startup. What about deleting the URL file from the C:/ location?


If you can see the bad file then yes delete it.
There may still be a registry setting that I do not see.

If the problem persists post the exact filename in your next post.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#9 errantVOL

errantVOL

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 01 May 2014 - 08:16 AM

Deleting it resolved the issue!

Thanks again for all the help!



#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 01 May 2014 - 11:11 AM

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#11 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 05 May 2014 - 06:01 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




Member of UNITE
Support SpywareInfo Forum - click the button