Sorry for the delay. Here are the logs:

# AdwCleaner 7.0.1.0 - Logfile created on Wed Aug 30 19:40:29 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-29-2017.2
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Adware.Heuristic, C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
***** [ Files ] *****
PUP.Adware.Heuristic, C:\Users\Kwong\AppData\CheckOSandLaunch.exe
PUP.Adware.Heuristic, C:\Users\Kwong\AppData\CheckOSandLaunch
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
PUP.Optional.Legacy, APSnotifierPP3
PUP.Optional.Legacy, APSnotifierPP2
PUP.Optional.Legacy, APSnotifierPP1
PUP.Optional.Legacy, BrowserSafeguard Update Task
PUP.Optional.SoftwareUpdater.A, AmiUpdXp
PUP.Optional.OptimizerPro, Optimizer Pro Schedule
PUP.Adware.Heuristic, CheckOSandLaunch
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\UpdateFiles
PUP.Optional.Legacy, [Key] - HKCU\Software\UpdateFiles
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\allday savings
PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\allday savings
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | DisableAddonLoadTimePerformanceNotifications
PUP.Optional.SevereWeatherAlerts, [Key] - HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\SevereWeatherAlerts
PUP.Optional.SevereWeatherAlerts, [Key] - HKCU\Software\SevereWeatherAlerts
PUP.Optional.SuperOptimizer, [Key] - HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
PUP.Optional.SuperOptimizer, [Key] - HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [10434 B] - [2014/7/22 16:36:53]
C:/AdwCleaner/AdwCleaner[S1].txt - [1070 B] - [2014/7/23 20:34:9]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by Kwong (Administrator) on Wed 08/30/2017 at 14:43:10.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 31
Successfully deleted: C:\Users\Kwong\AppData\Local\{0A8C60A9-E9C1-42C6-84C0-4B5A495671F8} (Empty Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\{414DD718-5B85-4FE5-A7ED-AB206088BC4C} (Empty Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\{8FD6209A-1F13-40FF-B8A2-149173EECFCB} (Empty Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\{EFBD4EEF-85C3-4386-AC99-DE5F81BAFEFC} (Empty Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\2844 (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Optimizer Pro Schedule (Task)
Successfully deleted: C:\Program Files\005 (Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0N3PQI8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ6MWXMX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ42TNZY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FMB0E6PC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLCEBGX4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9HGFMAY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OB4EE64J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kwong\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPX0IFVB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0N3PQI8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ6MWXMX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ42TNZY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FMB0E6PC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLCEBGX4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9HGFMAY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OB4EE64J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPX0IFVB (Temporary Internet Files Folder)
Registry: 2
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b463cef-68b0-a5a8-a573-40c0814bd091} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b463cef-68b0-a5a8-a573-40c0814bd091} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/30/2017 at 14:45:10.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Kwong (administrator) on KWONGCHANG-PC (30-08-2017 14:52:43)
Running from C:\Users\Kwong\Desktop
Loaded Profiles: Kwong (Available Profiles: Kwong)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [IN0XRCV] => C:\Windows\system32\spool\drivers\x64\3\IN0XRCV.exe [102400 2006-10-19] (SHARP CORPORATION)
HKLM\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [136520 2011-08-26] ()
HKLM\...\Run: [SS0XRCV] => C:\Windows\system32\spool\drivers\x64\3\SS0XRCV.exe [102400 2006-10-23] (SHARP CORPORATION)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\MountPoints2: {b1ddd850-1f92-11e2-9bb2-7845c42a3707} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\MountPoints2: {e522b812-20d6-11e5-be3a-7845c42a3707} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Applied TAMOnline (2).lnk [2015-10-07]
ShortcutTarget: Applied TAMOnline (2).lnk -> C:\Users\Kwong\Documents\VTAM1TAMOnline.RDP ()
Startup: C:\Users\Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox (3).lnk [2015-10-07]
ShortcutTarget: Mozilla Firefox (3).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
InternetURL: C:\Users\Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Network Solutions Webmail.website -> URL: hxxps://webmail.networksolutionsemail.com/edgedesk/cgi-bin/global.exe?id=018ba005b1f9993d8b12852f8007540f2b29&xsl=sso.xsl
Startup: C:\Users\Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pleasant Log.doc - Shortcut.lnk [2017-02-15]
ShortcutTarget: Pleasant Log.doc - Shortcut.lnk -> C:\Users\Kwong\Desktop\Pleasant Log.doc ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2726765177-3793255156-395904341-1000] => http=127.0.0.1:49984;https=127.0.0.1:49984
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5D791FDA-61B7-4A36-AFF6-A7BEB976ED58}: [DhcpNameServer] 172.26.38.1 172.26.38.2
Tcpip\..\Interfaces\{F3B3039B-9D6A-4152-9DFD-4F58BD0B5BFA}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {B63A792B-1D29-4544-812B-5954D843763C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {B63A792B-1D29-4544-812B-5954D843763C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {B63A792B-1D29-4544-812B-5954D843763C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2726765177-3793255156-395904341-1000 -> DefaultScope {B63A792B-1D29-4544-812B-5954D843763C} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxps://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://gis.ci.fremont.ca.us/public/install/mgaxctrlsp1.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP7-15458/support/ieatgpc1.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
FireFox:
========
FF DefaultProfile: pc2apltn.default-1435854358839-1501776417970
FF ProfilePath: C:\Users\Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\2sembkzz.default-1439395623246 [2015-08-12]
FF ProfilePath: C:\Users\Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\bic6gfkd.default-1439395659368 [2015-08-12]
FF ProfilePath: C:\Users\Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\qcli7va0.default-1439395851436 [2016-11-15]
FF ProfilePath: C:\Users\Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\udmoj2rs.default-1439401057614 [2015-08-12]
FF ProfilePath: C:\Users\Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\7oamlumr.default-1439401667829 [2016-11-15]
FF ProfilePath: C:\Users\Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\pc2apltn.default-1435854358839-1501776417970 [2017-08-30]
FF Homepage: Mozilla\Firefox\Profiles\pc2apltn.default-1435854358839-1501776417970 -> www.google.com
FF Extension: (Cisco WebEx Extension) - C:\Users\Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\pc2apltn.default-1435854358839-1501776417970\Extensions\ciscowebexstart1@cisco.com.xpi [2017-08-16]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2726765177-3793255156-395904341-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Kwong\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-02] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kwong\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-08-16] (Cisco WebEx LLC)
Chrome:
=======
CHR Profile: C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default [2017-08-30]
CHR Extension: (Google Slides) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-10]
CHR Extension: (Google Docs) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-10]
CHR Extension: (Google Drive) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-10]
CHR Extension: (YouTube) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-10]
CHR Extension: (Google Sheets) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-01]
CHR Extension: (Gmail) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-10]
CHR Extension: (Chrome Media Router) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8422760 2011-10-05] (DisplayLink Corp.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_6.0.32700.0.sys [17408 2012-12-19] (hxxp://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-30 14:52 - 2017-08-30 14:53 - 000016585 _____ C:\Users\Kwong\Desktop\FRST.txt
2017-08-30 14:52 - 2017-08-30 14:52 - 002395648 _____ (Farbar) C:\Users\Kwong\Desktop\FRST64.exe
2017-08-30 14:52 - 2017-08-30 14:52 - 000000000 ____D C:\FRST
2017-08-30 14:45 - 2017-08-30 14:45 - 000005447 _____ C:\Users\Kwong\Desktop\JRT.txt
2017-08-30 14:42 - 2017-08-30 14:42 - 001790024 _____ (Malwarebytes) C:\Users\Kwong\Desktop\JRT.exe
2017-08-30 12:40 - 2017-08-30 12:40 - 000002600 _____ C:\Users\Kwong\Desktop\AdwCleaner[S2].txt
2017-08-30 11:01 - 2017-08-30 11:01 - 000124733 _____ C:\Users\Kwong\Desktop\Detailed_ESTIMATE-0456250.pdf
2017-08-29 14:37 - 2017-08-29 14:37 - 000015892 _____ C:\Users\Kwong\Desktop\2017-08-29 Quote to Add BMW.pdf
2017-08-29 12:28 - 2017-08-29 12:24 - 000103961 _____ C:\Users\Kwong\Desktop\2017-08-29 Umbr Quote.pdf
2017-08-29 11:25 - 2017-08-29 11:25 - 000015115 _____ C:\Users\Kwong\Desktop\2017-08-29 ITV (Yip).PDF
2017-08-28 17:21 - 2017-08-28 17:22 - 000009667 _____ C:\Users\Kwong\Desktop\TEST.xlsx
2017-08-28 10:54 - 2017-08-28 10:54 - 000026203 _____ C:\Users\Kwong\Desktop\2012-2017 Loss Runs (Yummi Enterprise).pdf
2017-08-28 09:21 - 2017-08-28 09:21 - 000010972 _____ C:\Users\Kwong\Desktop\loss runs (YIP).pdf
2017-08-28 09:19 - 2017-08-28 09:19 - 000677415 _____ C:\Users\Kwong\Desktop\2017-2018.pdf
2017-08-28 09:19 - 2017-08-28 09:19 - 000108028 _____ C:\Users\Kwong\Desktop\2016-2017.pdf
2017-08-25 10:36 - 2017-08-25 11:22 - 000000000 ____D C:\Users\Kwong\Desktop\Shiu Fung
2017-08-24 13:55 - 2017-08-24 15:13 - 000000000 ____D C:\Users\Kwong\Desktop\Ding
2017-08-24 13:55 - 2017-08-24 13:55 - 000000000 ____D C:\Users\Kwong\Desktop\Voong
2017-08-24 12:19 - 2017-08-24 17:10 - 000010728 _____ C:\Users\Kwong\Desktop\EPLI.xlsx
2017-08-23 10:48 - 2017-08-25 13:52 - 000000000 ____D C:\Users\Kwong\Desktop\Tih Sang Lee
2017-08-22 14:24 - 2017-08-22 14:24 - 000002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-08-22 14:24 - 2017-08-22 14:24 - 000002174 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-08-16 15:34 - 2017-08-16 15:34 - 000000000 ____D C:\Users\Kwong\Desktop\NWPC
2017-08-16 14:20 - 2017-08-16 14:20 - 000015197 _____ C:\Users\Kwong\Desktop\ESTIMATE-2406757_(162036).PDF
2017-08-14 09:00 - 2017-08-14 09:00 - 002558343 _____ C:\Users\Kwong\Desktop\UB-8F337215 (2017 REN).pdf
2017-08-08 10:51 - 2017-08-08 10:51 - 005763072 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-30 14:48 - 2016-12-06 10:06 - 000000000 ____D C:\Users\Kwong\AppData\LocalLow\Mozilla
2017-08-30 14:47 - 2014-07-22 09:35 - 000000000 ____D C:\AdwCleaner
2017-08-30 14:39 - 2015-07-02 15:08 - 000000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000.job
2017-08-30 13:15 - 2015-07-02 15:08 - 000000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000.job
2017-08-30 12:36 - 2014-07-22 09:35 - 008185288 _____ (Malwarebytes) C:\Users\Kwong\Desktop\AdwCleaner.exe
2017-08-30 11:39 - 2012-10-26 12:39 - 000000000 ____D C:\Users\Kwong
2017-08-30 09:27 - 2009-07-13 21:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-30 09:27 - 2009-07-13 21:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-30 09:16 - 2012-12-20 11:41 - 000000000 ____D C:\Users\Kwong\AppData\Local\Deployment
2017-08-30 09:11 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-29 12:28 - 2012-12-20 13:28 - 000000000 ____D C:\Users\Kwong\AppData\Local\CutePDF Writer
2017-08-28 17:11 - 2017-07-18 13:48 - 000015209 _____ C:\Users\Kwong\Desktop\Policy Listing - Yummi Enterprise.xlsx
2017-08-28 14:47 - 2016-11-10 18:05 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 14:04 - 2017-04-06 10:25 - 000372224 _____ C:\Users\Kwong\Desktop\2015-XXXX Singtel Policy Summary.xls
2017-08-24 12:29 - 2012-12-28 15:24 - 000000000 ____D C:\ProgramData\ThumbsPlus
2017-08-24 12:24 - 2012-12-28 15:25 - 000000000 ____D C:\Users\Kwong\AppData\Roaming\ThumbsPlus
2017-08-24 09:20 - 2017-07-19 14:11 - 000000000 ____D C:\Users\Kwong\Desktop\Tri-Valley
2017-08-23 09:22 - 2017-07-10 14:16 - 000000000 ____D C:\Users\Kwong\AppData\Local\GoToMeeting
2017-08-23 09:22 - 2015-07-02 15:08 - 000003666 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000
2017-08-23 09:22 - 2015-07-02 15:08 - 000003570 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000
2017-08-22 17:17 - 2017-07-14 09:35 - 000012919 _____ C:\Users\Kwong\Desktop\Policy Listing - Lers Ros.xlsx
2017-08-22 14:24 - 2013-01-10 11:03 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-21 09:40 - 2017-07-19 14:11 - 000000000 ____D C:\Users\Kwong\Desktop\898 EPLI
2017-08-16 10:01 - 2015-06-01 09:51 - 000000000 ____D C:\Users\Kwong\AppData\Local\WebEx
2017-08-16 10:01 - 2012-12-28 10:47 - 000000000 ____D C:\Users\Kwong\AppData\LocalLow\WebEx
2017-08-16 10:01 - 2012-12-28 10:47 - 000000000 ____D C:\ProgramData\WebEx
2017-08-08 10:51 - 2015-06-04 09:10 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-08 10:51 - 2012-10-05 02:00 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-08 10:51 - 2012-10-05 02:00 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-08 10:51 - 2012-10-05 02:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-08 10:51 - 2012-10-05 02:00 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-04 12:37 - 2009-07-13 22:13 - 000797354 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-04 12:37 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-08-04 11:29 - 2012-12-26 10:15 - 000000000 ____D C:\Users\Kwong\Documents\Outlook Files
2017-08-04 11:29 - 2012-12-19 21:19 - 000000000 ____D C:\Users\Kwong\Documents\Mail Archives
2017-08-01 10:31 - 2012-12-28 10:48 - 000154680 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
2017-07-31 09:03 - 2014-10-30 12:25 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-31 09:03 - 2014-10-30 12:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
==================== Files in the root of some directories =======
2012-12-11 18:47 - 2012-12-11 18:47 - 000012288 _____ (Archlink Technology Corporation) C:\Users\Kwong\AppData\Roaming\CheckOSandLaunch.exe
2012-12-12 15:14 - 2012-12-12 15:14 - 000001855 _____ () C:\Users\Kwong\AppData\Roaming\CheckOSandLaunch.exe.config
2014-11-05 10:35 - 2014-11-05 10:35 - 000002316 _____ () C:\Users\Kwong\AppData\Roaming\HKCRHTTP.reg
2014-11-05 10:35 - 2014-11-05 10:35 - 000001766 _____ () C:\Users\Kwong\AppData\Roaming\HKCRHTTPS.reg
2014-11-05 10:35 - 2014-11-05 10:35 - 000099010 _____ () C:\Users\Kwong\AppData\Roaming\HKCUIS.reg
2014-11-05 10:36 - 2014-11-05 10:36 - 000008920 _____ () C:\Users\Kwong\AppData\Roaming\HKCUMAIN.reg
2014-11-05 10:35 - 2014-11-05 10:35 - 000001346 _____ () C:\Users\Kwong\AppData\Roaming\HKCUNW.reg
2014-11-05 10:36 - 2014-11-05 10:36 - 000000662 _____ () C:\Users\Kwong\AppData\Roaming\HKCUPF.reg
2014-11-05 10:35 - 2014-11-05 10:35 - 000024032 _____ () C:\Users\Kwong\AppData\Roaming\HKCUTAB.reg
2017-03-21 09:17 - 2017-03-21 09:17 - 000000000 _____ () C:\Users\Kwong\AppData\Local\{93D3AA8F-D0E9-4774-B2A4-95F4BE620C77}
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-08-22 10:11
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Kwong (30-08-2017 14:53:58)
Running from C:\Users\Kwong\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-10-26 19:39:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2726765177-3793255156-395904341-500 - Administrator - Disabled)
Guest (S-1-5-21-2726765177-3793255156-395904341-501 - Limited - Disabled)
Kwong (S-1-5-21-2726765177-3793255156-395904341-1000 - Administrator - Enabled) => C:\Users\Kwong
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Disabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
allday savings (HKLM\...\B021CBBD-E38E-4F8C-8E93-6624B0597A23) (Version: 2.0.1 - allday savings)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AppliedOnline Install (HKLM-x32\...\AppliedOnline Install_is1) (Version: - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 64 bit (HKLM\...\{9040C3D4-2ACC-42DC-8850-4654CF3D2EEB}) (Version: 1.0.4 - Applied Systems, Inc.)
arc_setup_west (HKLM-x32\...\{C2CFBD0F-B632-417B-9656-3DF8D7C7D475}) (Version: 1.0 - InstallAware Software Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-7820N (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DisplayLink Core Software (HKLM\...\{24710201-55DB-4C7C-963A-5BE230098E24}) (Version: 6.0.34621.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{E970DFED-0D14-4937-A887-0F1346707321}) (Version: 6.0.34689.0 - DisplayLink Corp.)
Driving Recorder Player (HKLM-x32\...\{197DB879-DBD3-41CD-8550-2FF7F06C83C9}) (Version: 1.0.4898.21771 - Archlink Technology Corporation)
Driving Recorder Player (HKLM-x32\...\{D329F868-66B6-4F03-BE4E-57413957188E}) (Version: 1.0.5728.20341 - Archlink Technology Corporation)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
iMazing 2.2.8.0 (HKLM\...\iMazing_is1) (Version: 2.2.8.0 - DigiDNA)
Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java™ SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Oce cm2510/4010 Series PC-Fax Driver (HKLM-x32\...\Oce cm2510 4010 Series PC-Fax Driver) (Version: 1.00.000 - Oce)
Oce cm2510/4010 Series PCL/PS Printer Driver (HKLM-x32\...\Oce cm2510/4010 Series PCL PS Printer Driver) (Version: 1.00.000 - Oce)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0019 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.4.0.0 - den4b Team)
Revo Uninstaller 1.85 (HKLM-x32\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
ScrewDrivers Client v4 x64 (rdp only) (HKLM\...\{7A1354BD-FD99-414A-AA13-C6E9F4DB8BD8}) (Version: 4.6.01.09 - triCerat, Inc.)
SHARP MX-2310/2010/2610/3110/3610 Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2310U PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
SHARP MX-2610/3110/3610/4110/5110 Series PC-Fax Driver (HKLM-x32\...\SHARP MX-2610 3110 3610 Series PC-Fax Driver) (Version: 1.00.000 - SHARP)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
SyncBack (HKLM-x32\...\SyncBack_is1) (Version: - 2BrightSparks)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.3.13.0 - 2BrightSparks)
ThumbsPlus (HKLM-x32\...\{9D7C721E-9861-4994-A91E-2E219CC4A7FD}) (Version: 9.0.0.3920 - Cerious Software Inc.) Hidden
ThumbsPlus (HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\ThumbsPlus) (Version: - Cerious Software Inc.)
Travelers AgentBrowserConfiguration (HKLM-x32\...\{15E5B0F4-3E84-4EB1-B5C9-EC618B339FD6}) (Version: 1.0.55.0 - Travelers, Inc.)
VChannelClient (HKLM-x32\...\{245B4BB9-D643-4A87-968D-6C856FF1706A}) (Version: 5.04 - Applied Systems)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2726765177-3793255156-395904341-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kwong\AppData\Local\Citrix\GoToMeeting\4911\G2MOutlookAddin64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-09-12] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-09-12] (Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-09-12] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-22] (Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DF9C426-5517-45EE-8F88-6E007C472BCC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3D681DB4-B7A6-46BE-93CB-09A42B261134} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {4FFD8D4E-A14A-4C14-A106-0832F85E642A} - \BrowserSafeguard -> No File <==== ATTENTION
Task: {753EAA4F-3634-4D00-9F8E-3725AD4D86F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {925065EA-9C8C-4C37-B879-95C3F5725F3B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {97B20DCE-D8AD-4B1B-BA22-7131122E11AB} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {A6AD2451-9CFD-4490-B96D-211559EF2201} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B6607889-7BEE-4D81-ADB8-4A5CC7208E6A} - System32\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000 => C:\Users\Kwong\AppData\Local\GoToMeeting\7495\g2mupload.exe [2017-08-23] (LogMeIn, Inc.)
Task: {C048B6E3-0D17-4ADE-AB4F-AF88476619E8} - \AmiUpdXp -> No File <==== ATTENTION
Task: {C2C4BF10-BFCB-436C-8996-FE7397AF84F0} - System32\Tasks\{C38373DC-3F42-45E9-9D07-8C1F74540BDE} => C:\Users\Kwong\Desktop\IE11-Windows6.1-x64-en-us.exe
Task: {D11CB6C1-6BDA-45C3-85B7-83E467691304} - System32\Tasks\{F767F846-DFE5-430A-B318-CE69AE9CEA1C} => C:\Users\Kwong\Desktop\IE11-Windows6.1-x64-en-us.exe
Task: {D3C60637-0B26-48AF-B55E-C0F06EC6A76C} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {D572DC0B-1D3E-4614-9D17-BFF13AC923BE} - \BrowserSafeguard Update Task -> No File <==== ATTENTION
Task: {E105279E-1290-4F58-B548-FDBCF2DE4F68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {E47EFA4E-3D2D-48DF-8036-B98FD69C1EC0} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe
Task: {F76B2136-3462-47FA-A1DE-64BA80FF3515} - System32\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000 => C:\Users\Kwong\AppData\Local\GoToMeeting\7495\g2mupdate.exe [2017-08-23] (LogMeIn, Inc.)
Task: {FA32BE16-2347-430F-A511-204F321D4661} - \APSnotifierPP3 -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000.job => C:\Users\Kwong\AppData\Local\GoToMeeting\7495\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000.job => C:\Users\Kwong\AppData\Local\GoToMeeting\7495\g2mupload.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2012-10-26 15:36 - 2009-11-05 08:40 - 000085504 _____ () C:\Windows\System32\cpwmon64.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-26 15:37 - 2005-04-22 13:36 - 000143360 ____N () C:\Windows\system32\BrSNMP64.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\Classes\.exe: => <==== ATTENTION
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\Classes\.scr: => <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\csespi.com -> spinn.csespi.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\isohomevalue.com -> isohomevalue.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\safeco.com -> hxxps://safeco.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelers.com -> hxxp://travelers.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelers.com -> hxxps://travelers.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelerspc.com -> hxxp://travelerspc.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelerspc.com -> hxxps://travelerspc.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{CA6841FB-ED68-4BA6-9A26-C9BE1B763599}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{BCE76975-7798-4DCB-9304-6F7571AAD2D3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{92C0C9CF-6A45-49EE-B9F3-55B6E8B2A00C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F472B530-5A0F-48E4-AE7D-920633B35CF7}] => (Allow) LPort=2869
FirewallRules: [{04A70910-C3A6-4F24-9059-9F9823E47749}] => (Allow) LPort=1900
FirewallRules: [{80466809-D1EA-474E-B840-4D0259F0640D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4F8A948D-C553-4B73-AC13-892FE35E41A2}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E1B766CF-0017-40FE-8CF5-9364144C1FE5}] => (Allow) LPort=61117
FirewallRules: [{71ADF70D-538D-4774-8D15-56BFB11C81BA}] => (Allow) LPort=61116
FirewallRules: [{BCF45379-2452-486A-BA0D-7EF5EFABF893}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{EAFA016F-92D0-40B8-BE51-8A9705F458EC}C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe
FirewallRules: [UDP Query User{52507263-56A4-4BD2-94B5-213991BF7A51}C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe
FirewallRules: [TCP Query User{E4F22D58-35CE-4E05-9D5A-C2346C97C115}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{9B8E092D-78BB-417D-8C74-DCEEBDEF6B1D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{EB3D1508-108C-4B5C-89F0-0A2194F4232B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{865EF458-42CA-488D-9400-2ED153102E0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F47A77E8-92AA-4C95-B183-732586B3EEC2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{94EAD5FC-FF32-457B-A2A8-235F5F19AF5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91F590D9-CBC7-4190-8C16-BF93119685A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0748FE5-6DA0-4BD2-B2F2-E1E93807A3DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B10FFABC-821A-44F8-959F-F74DB34703D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE94C274-C86F-4223-86BB-D531DA0A6FDE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E2B418E4-A7E1-4D12-8E21-B0ACAF30F3CD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{906198B6-FEF2-444D-8D30-78EB91F9E2C6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
28-07-2017 09:19:23 Windows Update
01-08-2017 09:23:11 Windows Update
07-08-2017 09:20:33 Windows Update
11-08-2017 10:22:55 Windows Update
15-08-2017 08:59:18 Windows Update
18-08-2017 09:23:46 Windows Update
22-08-2017 09:04:42 Windows Update
28-08-2017 09:25:57 Windows Update
30-08-2017 14:43:12 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: MpKsldf2c485c
Description: MpKsldf2c485c
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsldf2c485c
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/30/2017 12:36:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 54.0.1.6388, time stamp: 0x5953d1f8
Faulting module name: xul.dll, version: 54.0.1.6388, time stamp: 0x5953d62e
Exception code: 0x80000003
Fault offset: 0x008a6bcb
Faulting process id: 0x1508
Faulting application start time: 0x01d321c6ed3bf3fd
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 929f9afb-8dba-11e7-8f93-7845c42a3707
Error: (08/30/2017 09:12:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/29/2017 12:36:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 54.0.1.6388, time stamp: 0x5953d640
Faulting module name: xul.dll, version: 54.0.1.6388, time stamp: 0x5953d62e
Exception code: 0x80000003
Fault offset: 0x008a6bcb
Faulting process id: 0x418
Faulting application start time: 0x01d320fb03622f29
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 662a0722-8cf1-11e7-b78d-7845c42a3707
Error: (08/29/2017 10:18:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 54.0.1.6388, time stamp: 0x5953d640
Faulting module name: xul.dll, version: 54.0.1.6388, time stamp: 0x5953d62e
Exception code: 0x80000003
Fault offset: 0x008a6bcb
Faulting process id: 0x654
Faulting application start time: 0x01d320e370674b5a
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 09ab9e7f-8cde-11e7-b78d-7845c42a3707
Error: (08/29/2017 09:04:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/28/2017 02:31:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16737 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: eac
Start Time: 01d32018db4c8cd3
Termination Time: 1550
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id:
Error: (08/28/2017 02:14:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16737 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: f1c
Start Time: 01d32041d29186ee
Termination Time: 2068
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id:
Error: (08/28/2017 01:34:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 54.0.1.6388, time stamp: 0x5953d640
Faulting module name: xul.dll, version: 54.0.1.6388, time stamp: 0x5953d62e
Exception code: 0x80000003
Fault offset: 0x008a6bcb
Faulting process id: 0xafc
Faulting application start time: 0x01d3201a74f9b5ff
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 3da180b5-8c30-11e7-8a1d-7845c42a3707
Error: (08/28/2017 01:34:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 54.0.1.6388, time stamp: 0x5953d1f8
Faulting module name: xul.dll, version: 54.0.1.6388, time stamp: 0x5953d62e
Exception code: 0x80000003
Fault offset: 0x008a6bcb
Faulting process id: 0x117c
Faulting application start time: 0x01d32018eb4fdc8c
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 385ed66d-8c30-11e7-8a1d-7845c42a3707
Error: (08/28/2017 01:33:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 54.0.1.6388 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e60
Start Time: 01d32018cfdbdd5c
Termination Time: 1718
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 2b5a47b2-8c30-11e7-8a1d-7845c42a3707
System errors:
=============
Error: (08/30/2017 11:18:18 AM) (Source: DCOM) (EventID: 10016) (User: KwongChang-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
to the user KwongChang-PC\Kwong SID (S-1-5-21-2726765177-3793255156-395904341-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (08/30/2017 09:23:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.251.271.0).
Error: (08/30/2017 09:23:05 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.251.187.0
Update Source: Microsoft Update Server
Update Stage: Install
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80070643
Error description: Fatal error during installation.
Error: (08/30/2017 09:17:02 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.
Error: (08/30/2017 09:17:01 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.
Error: (08/30/2017 09:17:01 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.
Error: (08/30/2017 09:16:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.
Error: (08/29/2017 04:46:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.
Error: (08/29/2017 12:02:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (08/29/2017 10:06:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
==================== Memory info ===========================
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 76%
Total physical RAM: 1959.06 MB
Available physical RAM: 455.71 MB
Total Virtual: 3918.12 MB
Available Virtual: 2239.29 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:218.16 GB) (Free:146.3 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 4B1A5462)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================