Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Potential virus on computer [Closed]

Started by rancho82 , Feb 28 2016 07:00 AM
virus

  • This topic is locked This topic is locked

#1
rancho82
Posted 28 February 2016 - 07:00 AM

rancho82

    New Member

  • Member
  • Pip
  • 3 posts

Hi,

 

Most times the computer is restarted, the home page of the internet browser is changed from the one we have manually set to ask.com. Sometimes the manually set homepage does open up but a message appears saying a program is trying to change the homepage to 'ask.com' - clicking continue then changes it to ask.com

 

Many thanks for your help,

 

Jane

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Edna's & Eddie's (administrator) on EDNAS_EDDIES (21-02-2016 22:53:07)
Running from C:\Users\Edna's & Eddie's\Downloads
Loaded Profiles: Edna's & Eddie's (Available Profiles: Edna's & Eddie's)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Users\Edna's & Eddie's\AppData\Roaming\Update Manager\UM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WksCal.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-06] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-07-30] (Toshiba Europe GmbH)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TWebCamera] => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2010-02-15] (Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2988488 2011-03-16] (SUPERAntiSpyware.com)
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Run: [HP Officejet 4620 series (NET) #2] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Run: [UM] => C:\Users\Edna's & Eddie's\AppData\Roaming\Update Manager\UM.EXE [814336 2016-02-12] ()
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-04]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-04]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Edna's & Eddie's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK [2010-02-06]
ShortcutTarget: wkcalrem.LNK -> C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{77932DF2-1F00-4827-95F3-EB7F106F33D2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A86212AF-FEC7-4A24-88EB-4348EBAE599C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.newsnow.co.uk/h/Sport/Football/SPL/Celtic
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-GB&Src=MSE&Tid=00033BCD&OHP=http%3A%2F%2Fwww.newsnow.co.uk%2Fh%2FSport%2FFootball%2FSPL%2FCeltic&OSP=https%3A%2F%2Fuk.search.yahoo.com%2Fsearch%3Ffr%3Dchr%2Dgreentree%5Fie%26ei%3Dutf%2D8%26ilc%3D12%26type%3D903578%26p%3D%7BsearchTerms%7D
URLSearchHook: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 -> DefaultScope {04E14DCB-B62B-46A6-94B5-84CFAAA34CDA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 -> {04E14DCB-B62B-46A6-94B5-84CFAAA34CDA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 -> {5DC8B2E1-E4E4-4C36-A908-A36D7CAC45BF} URL = hxxp://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 -> {995A00CE-6787-44F0-9629-E622572D6D51} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-09-04] (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413
FF DefaultSearchEngine: Ask Web Search
FF SelectedSearchEngine: Ask Web Search
FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=DDBFF41E-0220-4988-BD3F-E68F7FEBA776&n=781b3d61&p2=^ZX^xdm087^LAENUK^gb&si=TFRR500095494_39382090
FF Keyword.URL: hxxp://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=DDBFF41E-0220-4988-BD3F-E68F7FEBA776&n=781b3d61&ind=2015051105&p2=^ZX^xdm087^LAENUK^gb&si=TFRR500095494_39382090&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-03-06] (Apple Inc.)
FF SearchPlugin: C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\searchplugins\ask-web-search.xml [2015-05-11]
FF SearchPlugin: C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\searchplugins\yahoo_ff.xml [2015-05-06]
FF Extension: ADB Helper - C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\Extensions\[email protected] [2016-02-05]
FF Extension: Valence - C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\Extensions\[email protected] [2016-01-24]
FF Extension: RadioRage - C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\Extensions\[email protected] [2015-12-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-01-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-01-07] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-26] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Edna's & Eddie's\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Edna's & Eddie's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-01]
CHR Extension: (Google Wallet) - C:\Users\Edna's & Eddie's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)
S3 GameConsoleService; "C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-21 22:53 - 2016-02-21 23:01 - 00022101 _____ C:\Users\Edna's & Eddie's\Downloads\FRST.txt
2016-02-21 22:48 - 2016-02-21 22:53 - 00000000 ____D C:\FRST
2016-02-21 22:48 - 2016-02-21 22:48 - 02371072 _____ (Farbar) C:\Users\Edna's & Eddie's\Downloads\FRST64.exe
2016-02-21 22:03 - 2016-02-21 22:03 - 00985600 _____ C:\Users\Edna's & Eddie's\Downloads\MicrosoftFixit50123.msi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-21 22:51 - 2009-07-14 04:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-21 22:51 - 2009-07-14 04:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-21 22:46 - 2009-07-14 05:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-21 22:46 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-02-21 22:41 - 2010-02-15 16:12 - 00000000 ____D C:\Users\Edna's & Eddie's\AppData\Roaming\Skype
2016-02-21 22:39 - 2013-10-10 03:48 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-21 22:39 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-21 22:31 - 2013-10-10 03:48 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-21 22:17 - 2013-05-22 16:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-21 21:03 - 2010-02-06 21:44 - 00002142 _____ C:\Users\Edna's & Eddie's\AppData\Roaming\wklnhst.dat
2016-02-21 21:03 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-02-21 21:02 - 2010-02-15 15:04 - 00000000 ____D C:\Users\Edna's & Eddie's\Desktop\EdnaEddies Pix
2016-02-21 21:01 - 2015-04-29 18:08 - 00000000 ____D C:\Users\Edna's & Eddie's\Desktop\Jessica Katie
2016-02-21 20:54 - 2012-08-17 13:30 - 00000000 ___RD C:\Users\Edna's & Eddie's\Documents\Scanned Documents
2016-02-21 20:51 - 2013-05-26 12:18 - 03295232 ___SH C:\Users\Edna's & Eddie's\Downloads\Thumbs.db
2016-02-21 20:44 - 2010-02-06 14:46 - 00004002 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A6B0FF53-60E2-4949-9198-EF42D8CE6F9A}
2016-02-17 01:04 - 2010-02-06 14:40 - 00000000 ____D C:\Users\Edna's & Eddie's
2016-02-17 01:04 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-02-17 01:03 - 2016-01-07 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-17 01:03 - 2012-05-03 18:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-12 16:15 - 2015-05-07 10:19 - 00000000 ____D C:\Users\Edna's & Eddie's\AppData\Roaming\Update Manager
2016-02-10 16:49 - 2013-05-22 16:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 16:48 - 2013-05-22 16:16 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 16:48 - 2011-11-30 16:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2010-02-06 21:44 - 2016-02-21 21:03 - 0002142 _____ () C:\Users\Edna's & Eddie's\AppData\Roaming\wklnhst.dat
2011-04-06 20:40 - 2011-04-07 14:27 - 0012618 ___SH () C:\Users\Edna's & Eddie's\AppData\Local\b40twd06vv
2015-05-06 17:58 - 2015-05-06 17:58 - 0000017 _____ () C:\Users\Edna's & Eddie's\AppData\Local\resmon.resmoncfg
2011-04-06 19:11 - 2011-04-06 19:11 - 0586752 ___SH (Microsoft Corporation) C:\Users\Edna's & Eddie's\AppData\Local\sik.exe
2013-11-13 18:47 - 2013-11-13 18:47 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-04-06 20:40 - 2011-04-07 14:27 - 0012618 ___SH () C:\ProgramData\b40twd06vv
2010-02-15 16:14 - 2010-02-15 16:14 - 0000048 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Edna's & Eddie's\AppData\Local\Temp\idezq9ar.dll
C:\Users\Edna's & Eddie's\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Edna's & Eddie's\AppData\Local\Temp\_is2DC6.exe
C:\Users\Edna's & Eddie's\AppData\Local\Temp\_isB472.exe
C:\Users\Edna's & Eddie's\AppData\Local\Temp\_isEA9F.exe
C:\Users\Edna's & Eddie's\AppData\Local\Temp\_isFCA6.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-09 03:47

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Edna's & Eddie's (2016-02-21 23:04:11)
Running from C:\Users\Edna's & Eddie's\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-02-06 14:40:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1529347761-1154123923-3702463948-500 - Administrator - Disabled)
Edna's & Eddie's (S-1-5-21-1529347761-1154123923-3702463948-1002 - Administrator - Enabled) => C:\Users\Edna's & Eddie's
Guest (S-1-5-21-1529347761-1154123923-3702463948-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1529347761-1154123923-3702463948-1001 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AS: avast! Antivirus (Enabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Actiontec Gateway (HKLM-x32\...\{9692FD03-6662-4E62-B08C-30DFF51651E1}) (Version:  - )
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay (HKLM-x32\...\{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}) (Version: 1.0.4 - eBay Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{83F51BBA-48BE-4BB6-B96A-F4AAE4C462F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-GB)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}) (Version: 7.65.17.80 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.50.1002 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.05 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.7 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05998581-5190-4815-9C28-00E56C4B88B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {0B67EBF9-0CAA-4E1C-ACDC-CA1CA43C991A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {32B16DDF-33F2-4BA1-A0DC-7F97CD431BD9} - System32\Tasks\{11040C8F-FB0F-4239-BC2C-EF35C06C21C5} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsMain
Task: {3E7E3596-CB44-474B-8AA2-7348BC4C48F1} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {45FE1ABE-85B2-44B2-B0F1-C828AF944922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {AD4F8D9B-C984-4D95-B946-308A4B58A95F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {C45CB0DF-0E71-4F2D-88E5-8733C3B5AB0C} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F1821403-31FC-4434-92A4-DF9C8E60F723} - System32\Tasks\{008E01FB-3137-4223-A842-E8F5BFF340CA} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsMain
Task: {F20EEB67-3FF4-4867-B1C9-463BF983B9DE} - System32\Tasks\{34F7C700-7A2F-4D94-8874-EB90C89860CE} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-09-28] (Skype Technologies S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-05 15:40 - 2016-02-12 16:15 - 00814336 _____ () C:\Users\Edna's & Eddie's\AppData\Roaming\Update Manager\UM.exe
2009-08-03 17:18 - 2009-08-03 17:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-07-13 21:03 - 2009-07-14 01:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Edna's & Eddie's\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A60B315C-67B2-42C7-A7A9-D641AAA98365}] => (Allow) svchost.exe
FirewallRules: [{659C4676-DEFE-4B67-8C62-A964946020D3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{31BDA079-6066-44EF-8C06-04EFD60661DE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{A99411F6-1890-4D0D-AF9E-1C88D98C08FB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{D7ECF30C-096B-4BA3-95D3-96752BF05D80}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{3B716E49-C6EE-45DD-A4BA-9E8299C40E1C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{1EA99DEB-2D11-4848-8D48-2A54BDFA249A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0E652E30-659C-4998-83FF-C66841F86091}] => (Allow) LPort=2869
FirewallRules: [{789A0AAD-C8A0-44DF-AB52-C0C2A18E02B3}] => (Allow) LPort=1900
FirewallRules: [{66718833-C9B7-400B-ADD7-182872887A7B}] => (Allow) C:\Program Files (x86)\Cyanide\GameCenter\GameCenter.exe
FirewallRules: [{8D87FC49-5710-468F-BEF1-21B522249215}] => (Allow) C:\Program Files (x86)\Cyanide\GameCenter\GameCenter.exe
FirewallRules: [{5CAA8F00-C504-4510-A824-592365C511AF}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{997AD9DF-8A42-46BA-8799-41B00CBA9B0D}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{ADFF3723-20C4-44AB-BD9D-2B4C014D0990}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{7E4D0EC6-98FC-4CCE-99BE-78BFA1403D26}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{2E58C91D-5E2D-4C29-95CC-B82590406297}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\FaxApplications.exe
FirewallRules: [{58227FEA-22AA-4CCB-8EB8-BE394488B373}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\DigitalWizards.exe
FirewallRules: [{5F940DE3-1DD7-4964-855D-072D464497D8}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\SendAFax.exe
FirewallRules: [{60EB6049-B856-4DBC-8DC5-6AFB850C5B64}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe
FirewallRules: [{3C76F683-A33A-441B-9722-63E695CC9D02}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6FA3E283-586D-4284-9240-A893A3034458}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{EE5B1BC7-BB2A-4F0C-AE3D-FDB1D04464F9}] => (Allow) C:\Users\Edna's & Eddie's\AppData\Local\Temp\7zS6015\HPDiagnosticCoreUI.exe
FirewallRules: [{3B182F4E-E707-4E3C-B08F-DEB600026D59}] => (Allow) C:\Users\Edna's & Eddie's\AppData\Local\Temp\7zS6015\HPDiagnosticCoreUI.exe
FirewallRules: [{C2F30C37-36E4-45DD-A24D-A476B4C7A59E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E263E7C1-69D6-4460-A961-3A33397E454D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CB2FA81E-96AA-4075-A694-ED8577F322A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0838A120-2F6D-486C-A78D-4CBB1FA07DD6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9D0CA674-3C99-4E1A-A8A8-9A1DA51B8D6A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{165DEDC5-D385-4602-96D6-38FA75E8E3C7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2E1008A-12DB-458A-89BC-20D320B723A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2C86BA5E-FE62-4D8B-85B3-B527DBA32F04}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{FE0110C8-A6AC-4C56-B2DB-2C0D8F5AD896}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

==================== Restore Points =========================

09-01-2016 16:13:56 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2016 16:15:12 Installed DirectX
02-02-2016 00:30:55 Windows Update
21-02-2016 21:08:02 Removed calibre
21-02-2016 21:14:48 Removed eBay

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2016 09:16:12 PM) (Source: MsiInstaller) (EventID: 11001) (User: Ednas_Eddies)
Description: Product: eBay -- Error 1001. Error 1001. Exception occurred while initializing the installation:
System.IO.FileNotFoundException: Could not load file or assembly 'file:///c:\Program Files (x86)\eBay\eBay.exe' or one of its dependencies. The system cannot find the file specified..(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/21/2016 08:51:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: RPCRT4.dll, version: 6.1.7601.18923, time stamp: 0x55a5d086
Exception code: 0xc0020043
Fault offset: 0x000000000008a9d3
Faulting process id: 0x914
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (02/16/2016 04:17:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x4220c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/16/2016 04:13:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.12.0.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 170c

Start Time: 01d1434fbaa4fdd1

Termination Time: 378

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (02/14/2016 05:03:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x400f4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/27/2016 07:12:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 43.0.4.5848 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2664c

Start Time: 01d158fd0dae283d

Termination Time: 35937

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: bad3922e-c529-11e5-866b-0026224c16db

Error: (01/27/2016 07:12:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x26818
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/12/2016 02:13:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Kodi.exe version 15.2.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13b34

Start Time: 01d14d4247cdf6a9

Termination Time: 4118

Application Path: C:\Program Files (x86)\Kodi\Kodi.exe

Report Id: 94640d43-b936-11e5-866b-0026224c16db

Error: (01/11/2016 01:55:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 43.0.4.5848 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10d68

Start Time: 01d14c0cb4ee3c6a

Termination Time: 5581

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 56b22cfc-b806-11e5-866b-0026224c16db

Error: (01/09/2016 04:25:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Kodi.exe version 15.2.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10674

Start Time: 01d14af92c68ac55

Termination Time: 3345

Application Path: C:\Program Files (x86)\Kodi\Kodi.exe

Report Id: 7ed1b874-b6ed-11e5-866b-0026224c16db


System errors:
=============
Error: (02/21/2016 10:45:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/21/2016 10:42:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (02/21/2016 10:40:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Notebook Performance Tuning Service (TEMPRO) service to connect.

Error: (02/21/2016 10:33:13 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (02/21/2016 08:52:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/21/2016 08:14:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (02/21/2016 02:26:28 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR18.

Error: (02/21/2016 02:26:28 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR18.

Error: (02/21/2016 02:26:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR18.

Error: (02/21/2016 02:26:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR18.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 67%
Total physical RAM: 2936.89 MB
Available physical RAM: 962.8 MB
Total Virtual: 5871.98 MB
Available Virtual: 3839.35 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:74.52 GB) (Free:23.27 GB) NTFS
Drive d: (Data) (Fixed) (Total:74.13 GB) (Free:67.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: CD111E92)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=74.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

Advertisements

#2
Essexboy
Posted 28 February 2016 - 08:17 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Run: [UM] => C:\Users\Edna's & Eddie's\AppData\Roaming\Update Manager\UM.EXE [814336 2016-02-12] ()
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
URLSearchHook: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
FF DefaultSearchEngine: Ask Web Search
FF SelectedSearchEngine: Ask Web Search
FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=DDBFF41E-0220-4988-BD3F-E68F7FEBA776&n=781b3d61&p2=^ZX^xdm087^LAENUK^gb&si=TFRR500095494_39382090
FF Keyword.URL: hxxp://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=DDBFF41E-0220-4988-BD3F-E68F7FEBA776&n=781b3d61&ind=2015051105&p2=^ZX^xdm087^LAENUK^gb&si=TFRR500095494_39382090&searchfor=
FF SearchPlugin: C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\searchplugins\ask-web-search.xml [2015-05-11]
2011-04-06 20:40 - 2011-04-07 14:27 - 0012618 ___SH () C:\Users\Edna's & Eddie's\AppData\Local\b40twd06vv
2011-04-06 19:11 - 2011-04-06 19:11 - 0586752 ___SH (Microsoft Corporation) C:\Users\Edna's & Eddie's\AppData\Local\sik.exe
2011-04-06 20:40 - 2011-04-07 14:27 - 0012618 ___SH () C:\ProgramData\b40twd06vv
AV: avast! Antivirus (Enabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AS: avast! Antivirus (Enabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
C:\Users\Edna's & Eddie's\AppData\Roaming\Update Manager
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
rancho82
Posted 29 February 2016 - 02:51 PM

rancho82

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Hi,

 

Many thanks for your speedy response. Here is the log from the fix and i'll post the results from the AdwCleaner once it's compete.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Edna's & Eddie's (2016-02-28 20:25:44) Run:1
Running from C:\Users\Edna's & Eddie's\Downloads
Loaded Profiles: Edna's & Eddie's (Available Profiles: Edna's & Eddie's)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\...\Run: [UM] => C:\Users\Edna's & Eddie's\AppData\Roaming\Update Manager\UM.EXE [814336 2016-02-12] ()
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
URLSearchHook: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKU\S-1-5-21-1529347761-1154123923-3702463948-1002 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
FF DefaultSearchEngine: Ask Web Search
FF SelectedSearchEngine: Ask Web Search
FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=DDBFF41E-0220-4988-BD3F-E68F7FEBA776&n=781b3d61&p2=^ZX^xdm087^LAENUK^gb&si=TFRR500095494_39382090
FF Keyword.URL: hxxp://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=DDBFF41E-0220-4988-BD3F-E68F7FEBA776&n=781b3d61&ind=2015051105&p2=^ZX^xdm087^LAENUK^gb&si=TFRR500095494_39382090&searchfor=
FF SearchPlugin: C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\searchplugins\ask-web-search.xml [2015-05-11]
2011-04-06 20:40 - 2011-04-07 14:27 - 0012618 ___SH () C:\Users\Edna's & Eddie's\AppData\Local\b40twd06vv
2011-04-06 19:11 - 2011-04-06 19:11 - 0586752 ___SH (Microsoft Corporation) C:\Users\Edna's & Eddie's\AppData\Local\sik.exe
2011-04-06 20:40 - 2011-04-07 14:27 - 0012618 ___SH () C:\ProgramData\b40twd06vv
AV: avast! Antivirus (Enabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AS: avast! Antivirus (Enabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
C:\Users\Edna's & Eddie's\AppData\Roaming\Update Manager
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\Software\Microsoft\Windows\CurrentVersion\Run\\UM => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => value removed successfully
HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\searchplugins\ask-web-search.xml => moved successfully
C:\Users\Edna's & Eddie's\AppData\Local\b40twd06vv => moved successfully
C:\Users\Edna's & Eddie's\AppData\Local\sik.exe => moved successfully
C:\ProgramData\b40twd06vv => moved successfully
AV: avast! Antivirus (Enabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308} => removed successfully
AS: avast! Antivirus (Enabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} => removed successfully
C:\Users\Edna's & Eddie's\AppData\Roaming\Update Manager => moved successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1529347761-1154123923-3702463948-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========
 


  • 0

#4
rancho82
Posted 29 February 2016 - 03:44 PM

rancho82

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Hi,

 

Here is the log from the AdwCleaner, thank you once again for your help!

 

# AdwCleaner v5.037 - Logfile created 29/02/2016 at 21:35:56
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Edna's & Eddie's - EDNAS_EDDIES
# Running from : C:\Users\Edna's & Eddie's\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\Users\Edna's & Eddie's\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Edna's & Eddie's\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Edna's & Eddie's\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Edna's & Eddie's\AppData\LocalLow\PriceGong
[-] Folder Deleted : C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\extensions\[email protected]

***** [ Files ] *****

[-] File Deleted : C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\searchplugins\yahoo_ff.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Settings Manager
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]

***** [ Web browsers ] *****

[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxps://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.BUTTON_STRUCTURE", "[{\"b\":224541925,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224541926,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.search.defaultenginename.prev", "Google");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.search.defaultenginename.savedPrev", "true");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.search.selectedEngine.prev", "Yahoo!");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.search.selectedEngine.savedPrev", "true");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.startup.homepage.prev", "hxxp://www.newsnow.co.uk/h/Sport/Football/Scottish+Premiership/Celtic");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.startup.homepage.savedPrev", "true");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=DDBFF41E-0220-4988-BD3F-E68F7FEBA776&n=781b3d61&p2=^ZX^xdm087^LAENUK^gb&si=TFR[...]
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.startup.page.prev", 3);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.startup.page.savedPrev", 1);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.startup.page.tb", 1);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.browser.version.last", "44.0");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.firstKnownVersion", "7.13.6.43702");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=DDBFF41E-0220-4988-BD3F-E68F7FEBA776&n=781b3d61&p2=^ZX^xdm087^LAENUK^gb&si=TFRR500095494_39382090[...]
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.hp.enabled", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.hp.guardType", "HPR");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.hp.user.defined", false);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.initialized", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installKeysSource", "Cookies");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installType", "XPI");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.contextKey", "");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.dlpCountryCode", "GB");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.installDate", "2015051105");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerId", "^ZX^xdm087^LAENUK^gb");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerSubId", "TFRR500095494_39382090");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.pixelUrl", "hxxp://www.radiorage.com/install_pixels.jhtml?partner=^ZX^xdm087^LAENUK^gb&sub_id=TFRR500095494_39382090&coId=b380a79215134[...]
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.success", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.toolbarId", "DDBFF41E-0220-4988-BD3F-E68F7FEBA776");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.isCompliantUninstallImplementation", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.lastActivePing", "1456778135775");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.lastKnownVersion", "7.38.8.45249");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.lostEngine", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.lssState", "{\"previousLocales\":[\"en-GB\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supportedLo[...]
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.defaultSearch", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.homePageEnabled", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.keywordEnabled", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.tabEnabled", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.partnerPixelFired", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.productDeliveryOption.language", "en");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.productDeliveryOption.type", "Toolbar");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.searchHistory", "newsnow celticskypeecasey3235hotmail.comCeltic");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.successUrl", "hxxp://www.radiorage.com/installComplete.jhtml");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.toolbar.ownSearch", false);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.toolbar.versionChanged", false);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.toolbarCollapsed", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._4jMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\Edna's & Eddie's\\\\[...]
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "[email protected]");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
[-] [C:\Users\Edna's & Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\qqgrcrbk.default-1430588207413\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=DDBFF41E-0220-4988-BD3F-E68F7FEBA776&n=781b3d61&ind=2015051105&p2=^ZX^xdm087^LAENUK^gb&si=TFRR500095494_39382090&s[...]
[-] [C:\Users\Edna's & Eddie's\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [15563 bytes] - [29/02/2016 21:35:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [15488 bytes] - [29/02/2016 20:53:33]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15711 bytes] ##########
 


  • 0

#5
Essexboy
Posted 29 February 2016 - 03:59 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that Ask is no longer appearing, also are there any other apparent problems
  • 0

#6
Essexboy
Posted 05 March 2016 - 06:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: virus

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP