TheGerkin

Powered by, unsolicited new tabs, popups making my browsing a bust.

7 posts in this topic

Hello,
I have read the FAQ and am attempting to follow the directions.
My problem is with firefox. "Powered by" will take over a web page after a bit.
A new tab will open when I click on something on my existing page. The new page will be
an advertisement, most of the time for some PCKeeper, PCFix, or the like. I get popups.
Their content can pretty much be just about anything. Sometimes the popups slide in from
the sides, or appear at the top of the body, pretty much they try to be as disruptive as
possible. I tried uninstalling and reinstalling Firefox, to no avail. Even decided to use IE,
but it showed similar signs of being infected.
When I go to sites (banking, quiitrak, etc.) where I am working instead of searching, the
effects are minimal. There is the constant highlighting and color change and font size increasing
of certain key words. But the popups do not seem to make it.

I have run the three programs you have requested, and here are the logs:
First, DDS.TXT:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17356 BrowserJavaVersion: 11.45.2
Run by Christian at 19:47:24 on 2015-06-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1412 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickBooksDB22] C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe -n QB_CHRISTIAN-LAPG6_22 -qs -gd ALL -gk all -gp 4096 -gu all -ch 256M -c 128M -x tcpip(BroadcastListener=NO;port=55348) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\PROGRA~3\Intuit\QUICKB~2\DBSTAR~1.LOG -y
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: addon.downloadterms.com
Trusted Zone: addon.downloadterms.com
Trusted Zone: addon.downloadterms.com
Trusted Zone: addon.downloadterms.com
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\4416C6C6E65627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{939CAAF4-2430-43E3-9E91-8137E331428C} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Media+PlayerVidEd2.5: {11111111-1111-1111-1111-110611791113} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fkbv0kaa.default-1429128040315\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Christian\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Christian\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-15 204288]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 124568]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-13 46136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-3-13 333416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-13 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 HP DS Service;HP DS Service;C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [2011-10-17 13824]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2011-11-13 15360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-5 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2015-4-6 31800]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-28 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-8 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304]
S4 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
S4 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2012-5-2 164864]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-9-18 14624]
S4 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-12-6 1248256]
S4 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB22 [?]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-06-13 12:00:37 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87AEB5DD-1D8C-4667-AF20-DD9056C4DB93}\gapaengine.dll
2015-06-13 11:59:11 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{72F7CFB8-6AD6-4989-83FD-FB2312910FAC}\mpengine.dll
2015-06-12 12:00:25 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-10 12:03:54 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6D3692E6-DD13-452C-83D0-ACCB1824C5CA}\gapaengine.dll
2015-06-05 12:09:30 298608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\rep2136.tmp
2015-06-05 11:58:26 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3AC463FE-1A76-4475-9231-B33C290FDA03}\gapaengine.dll
2015-06-02 18:16:23 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15C89757-3CD2-417D-95AB-5196EB2422BF}\gapaengine.dll
2015-05-18 14:44:45 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 14:44:45 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 14:37:57 1647104 ----a-w- C:\Windows\System32\DWrite.dll
.
==================== Find3M ====================
.
2015-06-10 16:47:21 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-06-10 16:47:21 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-03 21:56:36 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-27 18:06:48 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 14:33:27 1763328 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-21 14:33:25 524288 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 14:33:03 2864640 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 14:33:02 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 14:33:02 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2015-04-21 14:32:45 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 13:53:34 2237440 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 13:53:29 601600 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 13:52:53 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 13:52:51 67072 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 13:52:51 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2015-04-21 13:52:36 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 03:06:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-18 02:59:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-18 02:37:08 361984 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-18 02:34:17 441856 ----a-w- C:\Windows\System32\html.iec
2015-04-18 02:12:40 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-04-18 02:09:03 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2015-04-14 09:38:52 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-04-06 16:10:35 24064 ----a-w- C:\Windows\zoek-delete.exe
2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll
2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-03-25 03:00:57 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-03-25 03:00:57 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-03-25 03:00:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-03-23 03:25:15 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-03-23 03:25:01 769536 ----a-w- C:\Windows\System32\invagent.dll
2015-03-23 03:24:56 419840 ----a-w- C:\Windows\System32\devinv.dll
2015-03-23 03:24:54 957952 ----a-w- C:\Windows\System32\appraiser.dll
2015-03-23 03:24:53 30720 ----a-w- C:\Windows\System32\acmigration.dll
2015-03-23 03:24:53 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-03-23 03:24:53 192000 ----a-w- C:\Windows\System32\aepic.dll
.
============= FINISH: 19:49:17.89 ===============

Next Checkup.txt:

Results of screen317's Security Check version 1.00
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 8 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.188
Adobe Reader XI
Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

And Last is the Log from the scan by Malwarebytes MBAM.TXT.
I ran one scan with 10 items found. I have the saved file here.
Then I ran the scan again. I am also showing that MBAM.TXT.

The first MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/13/2015
Scan Time: 9:40:56 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.13.07
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 471781
Time Elapsed: 52 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, , [231868526723e55184e8ec04fb08b64a],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DDD73DA-158D-4CAD-AE39-47FEC7FAD8E4}, , [8ab1556591f98ea85fc51c6c5ca9aa56],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A1D6DF45-2AE7-4995-8A9E-4DDC4410E2A5}, , [0239645690fa2f0780a2f89017ee27d9],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [f447aa10c0cae1553ed896f771944ab6],

Registry Values: 2
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1ddd73da-158d-4cad-ae39-47fec7fad8e4}|AppName, Media+PlayerVidEd2.5-codedownloader.exe, , [8ab1556591f98ea85fc51c6c5ca9aa56]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a1d6df45-2ae7-4995-8a9e-4ddc4410e2a5}|AppName, Media+PlayerVidEd2.5-bg.exe, , [0239645690fa2f0780a2f89017ee27d9]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.Updating.A, C:\Windows\System32\Tasks\sup_games_updating_service, , [7ac1506a404a3ff79d6f737e52b17c84],
PUP.Optional.Updating.A, C:\Windows\Tasks\sup_games_updating_service.job, , [b18ab1097812102684897d746e9506fa],
PUP.Optional.Notification.A, C:\Windows\Tasks\sup_games_notification_service.job, , [db60dddde4a6d95dc86dfcf5ec17f50b],
PUP.Optional.Notification.A, C:\Windows\System32\Tasks\sup_games_notification_service, , [ac8fc9f1eaa0e5510036d21f0df6b24e],

Physical Sectors: 0
(No malicious items detected)


(end)


Here is the Second MBAM.TXT file which was generated after I cleaned out the 10 incidents
that were found in the scan above this text:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/13/2015
Scan Time: 10:48:59 PM
Logfile: MBAM2.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.13.07
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 472266
Time Elapsed: 1 hr, 0 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

I hope I have presented the post information in a manner that makes your efforts easier.
Should you need anything further, please let me know.


Hello TheGerkin. Welcome to SWI.

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach it to your reply.

You have used an out of date copy of Security Check. Please delete your copy and download a fresh copy from http://www.spywareinfoforum.com/index.php?showtopic=79038. The latest version is: 1.004.

Please post:

ADWCleaner log.
FRST log.
Security Check log.

How's the computer performing now?

Rocket Grannie.


Hello Rocket Grannie,

I was following your instructions and preparing the logs for ADW, FRST and Security Check.

At the end of your text you asked "How's the computer running now?".

After following all your instructions, I tested out a couple of sites that had previously been obnoxious with symptoms. I had to have a coworker, my wife, check it out also, because in the words of the leper "Jesus, I'm cured, I'm cured."

Thank you for your help!

I assume you do not want the copies of the logs at this time.

Thanks again,

The Gerkin


Hello TheGerkin

I am glad the popups appear to be gone. However, I doubt that the computer will be completely clean yet.

Please post the requested logs so I can check for any leftovers.

Rocket Grannie.


Hello Rocket Grannie,

BELOW IS THE TEXT I PREPARED FOR YOU BEFORE I DID MY HAPPY DANCE OF CURED.

First, let me thank you for taking time to look into my problem.

Per your instructions, I have downloaded ADWCleaner and ran it.
I cleaned 4 files and 3 registry items. The resulting ADWCleaner[s1].txt log is listed first.

Then I downloaded the Farbar Recovery Scan Tool and ran it.
The FRST.txt file and the Addition.txt file are listed next.

Then I downloaded the latest version of securecheck and ran it.
I ran it and the checkit.txt log file is presented last.

THE FOLLOWING IS THE ADWCLEANER.TXT LOG

File Deleted : C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
File Deleted : C:\Users\Christian\AppData\Roaming\GDIPFONTCACHEV1.DAT
File Deleted : C:\Program Files (x86)\Mozilla Firefox\my.cfg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\my-prefs.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Universal
Key Deleted : HKLM\SOFTWARE\W3I
Key Deleted : HKU\.DEFAULT\Software\AnyProtect

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17356

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

*************************

AdwCleaner[s1].txt - [668 bytes] - [16/06/2015 12:44:45]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [726 bytes] ##########

THE FOLLOWING IS THE FRST.TXT LOG FILE:

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015

Ran by Christian (administrator) on CHRISTIAN-LAPG6 on 16-06-2015 13:17:18

Running from C:\- ALL\In-house Hardware and Software\System\Virus Cleaners and Killers\FRST Recovery Tool

Loaded Profiles: Christian (Available Profiles: Christian & QBDataServiceUser22 & DefaultAppPool)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 10 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [QuickBooksDB22] => C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe [679936 2015-02-27] (Intuit, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-490523010-3529280521-2036877387-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-490523010-3529280521-2036877387-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-490523010-3529280521-2036877387-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

BHO: Media+PlayerVidEd2.5 -> {11111111-1111-1111-1111-110611791113} -> C:\Program Files (x86)\Media+PlayerVidEd2.5\Media+PlayerVidEd2.5-bho64.dll No File

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-03] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-03] (Oracle Corporation)

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}

Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2015-02-27] (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fkbv0kaa.default-1429128040315

FF DefaultSearchEngine.US: Google

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-03] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-03] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-490523010-3529280521-2036877387-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Christian\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-24] (Citrix Online)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-07-22] (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-03-21] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-03-21] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-03-21] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-03-21] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-03-21] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-03-21] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-03-21] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Christian\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-03-27] (Cisco WebEx LLC)

FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\qnecriolahfk@xzqgbwzoamwuwufy.org [2015-06-02]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-15] (Advanced Micro Devices, Inc.) [File not signed]

S4 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)

S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]

S4 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]

S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]

R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-02-27] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-12-06] (Intuit Inc.) [File not signed]

S4 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.) [File not signed]

S4 QuickBooksDB22; C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe [679936 2015-02-27] (Intuit, Inc.) [File not signed]

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

S4 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)

S3 clwvd; system32\DRIVERS\clwvd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-06-16 12:47 - 2015-06-16 12:47 - 00071104 _____ C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT

2015-06-16 12:44 - 2015-06-16 12:49 - 00000000 ____D C:\AdwCleaner

2015-06-16 10:45 - 2015-06-16 10:45 - 00688992 _____ (Swearware) C:\Users\Christian\Downloads\dds(1).com

2015-06-16 10:39 - 2015-06-16 10:39 - 00688992 ____R (Swearware) C:\Users\Christian\Downloads\dds.com

2015-06-13 22:01 - 2015-06-13 22:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

2015-06-13 22:01 - 2015-06-13 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2015-06-13 22:01 - 2015-06-13 22:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit

2015-06-13 22:00 - 2015-06-13 22:00 - 03020968 _____ (Malwarebytes ) C:\Users\Christian\Downloads\mbae-setup-1.06.1.1019.exe

2015-06-13 21:31 - 2015-06-13 21:37 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-06-13 21:31 - 2015-06-13 21:36 - 00001161 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-06-13 21:31 - 2015-06-13 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-06-13 21:31 - 2015-06-13 21:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-06-13 21:31 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-06-13 21:31 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-06-13 21:31 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-06-03 15:54 - 2015-06-03 15:54 - 00561248 _____ (Oracle Corporation) C:\Users\Christian\Downloads\jxpiinstall(1).exe

2015-06-02 07:55 - 2015-06-16 12:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-05-18 08:44 - 2015-05-01 07:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-05-18 08:44 - 2015-05-01 07:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 14374400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-05-18 08:40 - 2015-04-21 08:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-05-18 08:40 - 2015-04-21 08:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-05-18 08:40 - 2015-04-21 07:53 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-05-18 08:40 - 2015-04-21 07:53 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-05-18 08:40 - 2015-04-21 07:53 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-05-18 08:40 - 2015-04-21 07:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-05-18 08:40 - 2015-04-21 07:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-05-18 08:40 - 2015-04-21 07:52 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-05-18 08:40 - 2015-04-21 07:52 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-05-18 08:40 - 2015-04-21 07:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-05-18 08:40 - 2015-04-17 21:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-05-18 08:40 - 2015-04-17 20:59 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-05-18 08:40 - 2015-04-17 20:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-05-18 08:40 - 2015-04-17 20:34 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-05-18 08:40 - 2015-04-17 20:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2015-05-18 08:40 - 2015-04-17 20:09 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2015-05-18 08:37 - 2015-05-04 19:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-05-18 08:37 - 2015-05-04 19:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-05-18 08:37 - 2015-04-19 21:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2015-05-18 08:37 - 2015-04-19 21:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2015-05-18 08:37 - 2015-04-19 20:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2015-05-18 08:37 - 2015-04-19 20:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-05-18 08:37 - 2015-04-17 21:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2015-05-18 08:37 - 2015-04-17 20:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2015-05-18 08:37 - 2015-04-12 21:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe

2015-05-18 08:37 - 2015-04-07 21:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-05-18 08:37 - 2015-04-07 21:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-06-16 13:17 - 2015-04-06 08:12 - 00000000 ____D C:\FRST

2015-06-16 13:14 - 2011-03-13 02:39 - 01760954 _____ C:\Windows\WindowsUpdate.log

2015-06-16 13:06 - 2014-11-13 15:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-16 12:55 - 2009-07-13 22:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-06-16 12:55 - 2009-07-13 22:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-06-16 12:47 - 2015-04-06 12:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-06-16 12:47 - 2014-11-13 15:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-16 12:47 - 2011-03-13 02:45 - 00881456 _____ C:\Windows\PFRO.log

2015-06-16 12:47 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-06-16 12:47 - 2009-07-13 22:51 - 00070921 _____ C:\Windows\setupact.log

2015-06-16 12:45 - 2014-02-27 06:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-06-16 11:01 - 2009-07-13 23:13 - 00866876 _____ C:\Windows\system32\PerfStringBackup.INI

2015-06-16 10:48 - 2015-04-13 17:03 - 00022890 _____ C:\Users\Christian\Desktop\dds.txt

2015-06-16 10:48 - 2015-04-13 17:03 - 00012576 _____ C:\Users\Christian\Desktop\attach.txt

2015-06-13 22:06 - 2011-06-22 15:00 - 00000000 ____D C:\Users\Christian\AppData\Local\CrashDumps

2015-06-10 10:47 - 2014-02-27 06:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-06-10 10:47 - 2012-11-05 09:32 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-06-10 10:47 - 2011-06-22 14:18 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-06-05 09:10 - 2012-01-14 22:35 - 00000000 ____D C:\- Degele

2015-06-03 16:37 - 2013-09-20 21:55 - 00000000 ____D C:\Users\Christian\Downloads\Ocwen

2015-06-03 16:23 - 2013-10-25 06:06 - 00000000 ____D C:\ProgramData\Oracle

2015-06-03 16:16 - 2011-01-14 12:21 - 00000000 ____D C:\Program Files (x86)\Java

2015-06-03 15:56 - 2014-11-03 08:59 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-05-18 11:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache

2015-05-18 10:09 - 2009-07-13 22:45 - 00320048 _____ C:\Windows\system32\FNTCACHE.DAT

2015-05-18 10:08 - 2013-04-20 10:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2015-05-18 10:08 - 2013-04-20 10:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2015-05-18 10:06 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers

2015-05-18 09:21 - 2011-05-08 18:20 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-05-18 09:20 - 2012-06-23 06:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2015-05-18 09:20 - 2012-01-18 13:41 - 00001945 _____ C:\Windows\epplauncher.mif

2015-05-18 09:20 - 2012-01-18 13:38 - 00002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-05-18 09:20 - 2012-01-18 13:38 - 00000000 ____D C:\Program Files\Microsoft Security Client

2015-05-18 09:16 - 2013-09-01 06:55 - 00000000 ____D C:\Windows\system32\MRT

2015-05-18 08:51 - 2011-06-17 05:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-05-18 08:44 - 2013-04-20 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-05-17 20:11 - 2011-05-08 13:09 - 00003232 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCHRISTIAN-LAPG6$

2015-05-17 20:11 - 2011-05-08 13:09 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForCHRISTIAN-LAPG6$.job

 

==================== Files in the root of some directories =======

 

2012-11-09 10:21 - 2013-04-19 07:42 - 0007605 _____ () C:\Users\Christian\AppData\Local\Resmon.ResmonCfg

2012-06-08 11:19 - 2012-06-08 11:19 - 0000057 _____ () C:\ProgramData\Ament.ini

2011-12-24 10:45 - 2015-01-21 17:35 - 0001255 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

2015-01-08 11:08 - 2015-01-08 12:18 - 0001781 _____ () C:\ProgramData\tempimage.bmp

2011-03-13 02:49 - 2011-03-13 02:49 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log

2011-01-14 12:18 - 2011-01-14 12:19 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log

2011-03-13 02:49 - 2011-03-13 02:49 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log

2011-01-14 12:17 - 2011-01-14 12:18 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

2011-03-13 02:48 - 2011-03-13 02:48 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log

2011-01-14 12:16 - 2011-01-14 12:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

 

Some files in TEMP:

====================

C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3favrg.dll

C:\Users\Christian\AppData\Local\Temp\Quarantine.exe

C:\Users\Christian\AppData\Local\Temp\sqlite3.dll

C:\Users\Christian\AppData\Local\Temp\swt-win32-3448.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-06-13 00:32

 

==================== End of log ============================

 

 

 

 

THE FOLLOWING IS THE ADDITION.TXT FILE CREATED BY FARBAR. YOU DID NOT REQUEST IT, BUT I THREW IT IN ANYWAY:

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015

Ran by Christian at 2015-06-16 13:19:23

Running from C:\- ALL\In-house Hardware and Software\System\Virus Cleaners and Killers\FRST Recovery Tool

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-490523010-3529280521-2036877387-500 - Administrator - Disabled)

Christian (S-1-5-21-490523010-3529280521-2036877387-1001 - Administrator - Enabled) => C:\Users\Christian

Guest (S-1-5-21-490523010-3529280521-2036877387-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-490523010-3529280521-2036877387-1006 - Limited - Enabled)

QBDataServiceUser22 (S-1-5-21-490523010-3529280521-2036877387-1007 - Limited - Enabled) => C:\Users\QBDataServiceUser22

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

3sixty Freight Match (HKU\S-1-5-21-490523010-3529280521-2036877387-1001\...\136e33ada5e2a0f1) (Version: 3.8.5385.19310 - TransCore)

3sixty Freight Match Prerequisites (HKLM-x32\...\{3D38DA45-A4F2-42F1-9043-E8D606DEB38B}) (Version: 1.0.0 - TransCore)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden

Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)

ATI Catalyst Install Manager (HKLM\...\{16563676-2243-041A-DC00-5F0A34FA17F2}) (Version: 3.0.804.0 - ATI Technologies, Inc.)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

C5150n - C5200n Series GDI Driver from OKI® Printing Solutions for Windows (HKLM-x32\...\{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}) (Version: 210 - OKI® Printing Solutions)

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

ccc-core-static (x32 Version: 2010.1215.1159.21448 - ATI) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Cisco WebEx Meetings (HKU\S-1-5-21-490523010-3529280521-2036877387-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)

Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden

FileZilla Client 3.5.0 (HKLM-x32\...\FileZilla Client) (Version: 3.5.0 - )

Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{B6A3EAE4-3727-46A4-A659-8576BF7C8C8D}) (Version: 23.0.504.0 - Hewlett-Packard Co.)

HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)

HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{F638F65B-B435-44E0-9382-7F90BDB003E2}) (Version: 23.0.504.0 - Hewlett-Packard Co.)

HP Documentation (HKLM-x32\...\{53CD60C7-12F9-420D-A9BF-EC8D815475A9}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)

HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.12201.1116 - Hewlett-Packard)

HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)

HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)

HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)

HP On Screen Display (HKLM-x32\...\{124DB96E-CBF5-44FB-AB59-7D2444DEC777}) (Version: 1.0.7 - Hewlett-Packard Company)

HP Power Manager (HKLM-x32\...\{AF306BD8-F9D1-4627-89B9-246E59074A05}) (Version: 1.1.2 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)

HP Software Framework (HKLM-x32\...\{35D2E477-8524-4294-9D6A-D8481328389F}) (Version: 4.0.80.1 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )

HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)

HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden

hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden

HPDXP (x32 Version: 3.0.26.8 - HP) Hidden

HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)

HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden

HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden

HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden

hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden

hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden

hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden

hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden

hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden

hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

InstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - )

Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LightScribe System Software (HKLM-x32\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe)

LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden

Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)

Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)

Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)

Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)

Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOK) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden

PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

Punch! Super Home Suite (HKLM-x32\...\Punch! Super Home Suite) (Version: - )

QuickBooks (x32 Version: 22.0.4016.2206 - Intuit Inc.) Hidden

QuickBooks Pro 2012 (HKLM-x32\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4016.2206 - Intuit Inc.)

QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.72 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden

Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)

RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)

TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: - Intuit, Inc)

TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)

TurboTax Audit Support Center 3.0 (HKLM-x32\...\{E371C150-A9F1-49CE-ACC1-51AEFD01C1D5}_is1) (Version: - TurboTax)

TurboTax Business 2012 (HKLM-x32\...\TurboTax Business 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax Business 2013 (HKLM-x32\...\TurboTax Business 2013) (Version: 2013.0 - Intuit, Inc)

TurboTax Business 2014 (HKLM-x32\...\TurboTax Business 2014) (Version: 2014.0 - Intuit, Inc)

USB Disk Storage Format Tool 5.0 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)

Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden

Vocalocity Desktop (HKU\S-1-5-21-490523010-3529280521-2036877387-1001\...\2620787867.vpf.cloudapp.net) (Version: - vpf.cloudapp.net)

Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-490523010-3529280521-2036877387-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

 

==================== Restore Points =========================

 

28-05-2015 00:00:20 Windows Backup

29-05-2015 00:00:22 Windows Backup

29-05-2015 12:10:26 Windows Update

30-05-2015 00:00:21 Windows Backup

31-05-2015 00:00:20 Windows Backup

01-06-2015 00:00:23 Windows Backup

02-06-2015 12:11:41 Windows Update

06-06-2015 05:57:47 Windows Update

10-06-2015 06:00:19 Windows Update

14-06-2015 02:03:46 Windows Update

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {018AE16F-47B1-4473-835E-BE9051A68AA4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-490523010-3529280521-2036877387-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {35DDCE7D-5F6D-4141-9604-74DCA2BB62B0} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {3C6CD6FC-BF5C-4D1B-A113-021612377A0B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {3EB186CD-4E96-4561-B1AE-181D10DDA405} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-490523010-3529280521-2036877387-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {5441AD73-2E92-4142-B2D3-EBFF3B5AC5B2} - System32\Tasks\HPCeeScheduleForCHRISTIAN-LAPG6$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: {639BC907-B472-41FD-8FAF-A4BDE978D572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)

Task: {74A526DD-CBB1-4486-B413-26AFAA28960A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)

Task: {7E5E33C6-23A4-42FF-AAAD-776C42821EA5} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)

Task: {9CA859A5-E8DA-4C4E-9A82-F2F22BB39E47} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)

Task: {9DDDD51A-7DDC-4AF7-B0E8-4FBC1F67F870} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)

Task: {A510FD9A-35BC-44D7-AF3E-20B3AAF2E8BC} - System32\Tasks\{DA292985-2E3F-457B-B19B-33A62F50D8EC} => pcalua.exe -a C:\PROGRA~2\ANYTIM~1\ANYTIM~1\UNWISE.EXE -c C:\PROGRA~2\ANYTIM~1\ANYTIM~1\INSTALL.LOG

Task: {A62CD87D-A423-4C9A-9CD3-7BD604132F62} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30] (Hewlett-Packard Co.)

Task: {AE5EB273-E3F7-4875-8B93-F0CD26AE03F5} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe

Task: {BA572EBD-20FC-4283-A45B-53C1DFCCE496} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {CE0C03DC-7F76-4A1E-B494-62E6805FAE8B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {D1B9DDD5-5CB6-4DC3-81C1-1B11FDD9CB1D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-08] (Microsoft Corporation)

Task: {D964251A-1179-4B42-B7B6-0B7943734665} - System32\Tasks\{483ABA99-8133-495C-A2D1-B564C12954A7} => pcalua.exe -a E:\setup.exe -d E:\

Task: {F923CDFD-4391-4C01-8600-9342AC2A5754} - System32\Tasks\{3AD44D91-3CEB-443F-A7E0-6BCBD29E66BA} => pcalua.exe -a "F:\- JCD\- ALLJCD\ALL Downloads\SuperAntiSpyware W7 Internet Virus Fix\SUPERAntiSpyware.exe" -d "F:\- JCD\- ALLJCD\ALL Downloads\SuperAntiSpyware W7 Internet Virus Fix"

Task: {FC7344DD-BCAC-4F0B-855A-3899A64A9500} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForCHRISTIAN-LAPG6$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2010-01-02 08:42 - 2010-01-02 08:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2011-03-16 03:29 - 2011-03-16 03:29 - 02673000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-490523010-3529280521-2036877387-1001\...\addon.downloadterms.com -> hxxps://addon.downloadterms.com

IE trusted site: HKU\S-1-5-21-490523010-3529280521-2036877387-1001\...\addon.downloadterms.com -> hxxp://addon.downloadterms.com

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-490523010-3529280521-2036877387-1001\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 192.168.0.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{D3E0E7C4-49D4-4C0B-9DA9-F17BD5E8BB8C}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe

FirewallRules: [{D0F9D0B6-50A4-4B9C-BD68-DD57205A6D76}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe

FirewallRules: [{36A89647-696F-4B72-8F38-BB690BA04CB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe

FirewallRules: [{A432C1F1-CA65-409E-8007-A090F53C8F06}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe

FirewallRules: [{7C60CEBE-44AE-442A-B883-EE68F6EFED10}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{8B863AA4-1253-4BDA-8042-EDAAF4ED9EA6}] => (Allow) LPort=2869

FirewallRules: [{B1129A83-15F0-43CF-8877-A02D26B432C0}] => (Allow) LPort=1900

FirewallRules: [{44AE4932-A859-4F9F-9742-345C8DD2767E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{1DD0D249-EFDF-47B2-AE22-8A0B9E307A38}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{8D87BE97-7EF9-4AF3-A32F-C1495F5C8CC9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe

FirewallRules: [{C4DFA506-1ED4-4DEB-A630-8B78F90A4155}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe

FirewallRules: [{F6E09516-7E22-40FA-AB41-A5EBD56A1FF2}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe

FirewallRules: [{2CAF2C27-3391-4D1D-BCD0-81BE2D882A4B}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe

FirewallRules: [{F2BA140B-4909-4A85-8053-16B9330D732C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe

FirewallRules: [{49313EB7-CD37-4530-B3A9-9DF3C1208EBB}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe

FirewallRules: [TCP Query User{C66C1329-A53A-4ACB-A53B-3F082ADBD5CA}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe

FirewallRules: [uDP Query User{836D3478-9C66-4321-93E5-5DEC3BD50509}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe

FirewallRules: [TCP Query User{7F875F47-2C1B-43A6-95E9-14EE5C31DBCE}C:\users\christian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\christian\appdata\local\akamai\netsession_win.exe

FirewallRules: [uDP Query User{30AF5DEF-1AA0-4E9E-8743-7AF036EBA53A}C:\users\christian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\christian\appdata\local\akamai\netsession_win.exe

FirewallRules: [TCP Query User{086F5CB2-9F51-4613-BC0A-330334116939}C:\users\christian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\christian\appdata\local\akamai\netsession_win.exe

FirewallRules: [uDP Query User{5D5D33FB-0073-4484-B900-7D3211D662BB}C:\users\christian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\christian\appdata\local\akamai\netsession_win.exe

FirewallRules: [{0A10F816-9B5D-43D0-B911-0CE4936ACFF7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{2AF1B9BB-B940-4132-BBDA-DE072B7F75A3}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe

FirewallRules: [{72BDF97C-4FD1-419E-836C-D3FFEBDABFBC}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe

FirewallRules: [TCP Query User{FB99E89D-BA00-4EDE-AC8E-C60D526ED458}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe

FirewallRules: [uDP Query User{7D75039A-15F3-4322-935F-15EB9198F6F1}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

FirewallRules: [{2ECC03D9-3135-4C19-B255-9F84A3D5E070}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\FaxApplications.exe

FirewallRules: [{260576F9-6E69-40A3-81C8-B1B0FDBDC1DA}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\DigitalWizards.exe

FirewallRules: [{62E4D703-D964-469A-B114-29C5ED10E4C4}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe

FirewallRules: [{A173D68F-A0EE-42EC-ABB3-786C3B72C1A1}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\EWSProxy.exe

FirewallRules: [TCP Query User{CD71A2CD-E2AE-4FE9-A304-ABDEE0B426CC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe

FirewallRules: [uDP Query User{86357A9E-D555-4B1B-A04A-FFA93836CABB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe

FirewallRules: [TCP Query User{76933465-7336-4007-A9E5-04CC7B73091D}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe

FirewallRules: [uDP Query User{22D76B1B-BB4C-44F9-A661-329820482E5F}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe

FirewallRules: [TCP Query User{6C90D519-2864-41F7-B2E0-F19692569645}C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [uDP Query User{8E032694-0365-4BF3-9945-8C8BD448BDA9}C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [TCP Query User{FBF23222-3532-475D-9213-C93788890BE8}C:\program files (x86)\intuit\quickbooks 2012\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks 2012\qbdbmgrn.exe

FirewallRules: [uDP Query User{19F9B50F-8F1C-4DEE-9E5F-1315BB77450E}C:\program files (x86)\intuit\quickbooks 2012\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks 2012\qbdbmgrn.exe

FirewallRules: [{7BC01A0E-E30A-40A5-BF85-619276CDEE10}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe

FirewallRules: [{7503180D-05F9-4371-8ACA-E38FB15ED801}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{2E7BE46F-6F32-47C6-8B75-87143BCA1BBA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

Fi


Hello TheGerkin

First of all you need to create a Restore point. Give it a name that you will understand. Something like---before running tools.
For information on how to create a Restore point please go here: How to create Restore Point.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.

start

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-490523010-3529280521-2036877387-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-490523010-3529280521-2036877387-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}

end

Save the file as fixlist.txt into the same folder as FRST
Run FRST and click Fix only once and wait
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Scan Archives and Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please post:
FRST log
ESET log (if it produced one)
Security Check log

Any further problems?

Rocket Grannie
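
A pre-flight check for the fixlist step in the post above, as an added example that is not part of the original thread and is not FRST's own code: it confirms the pasted text still has its start and end lines and lists what each entry targets, so a truncated or altered paste is caught before Fix is clicked. The function name and the sample GUIDs, names and URL are constructed, and only the two line formats seen in the post are recognised.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# The two entry formats that appear in the fixlist quoted in the post.
OVERLAY = re.compile(
    rf"^ShellIconOverlayIdentifiers: \[(?P<name>[^\]]+)\] -> (?P<guid>{GUID}) => (?P<state>.*)$")
SCOPE = re.compile(
    rf"^SearchScopes: (?P<hive>\S+) -> (?P<default>DefaultScope )?(?P<guid>{GUID}) URL =\s*(?P<url>.*)$")

# Constructed sample in the same layout; GUIDs, names and the URL are placeholders.
SAMPLE = r"""start

ShellIconOverlayIdentifiers: [ExampleExt1] -> {00000000-0000-0000-0000-000000000001} => No File
SearchScopes: HKLM-x32 -> {00000000-0000-0000-0000-000000000002} URL = http://search.example/?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {00000000-0000-0000-0000-000000000003} URL =
this line is not in a recognised format

end
"""

def parse_fixlist(text):
    """Return (entries, unrecognised) for the lines between 'start' and 'end'."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or lines[0].lower() != "start" or lines[-1].lower() != "end":
        raise ValueError("start/end marker missing: the paste may be truncated")
    entries, unrecognised = [], []
    for ln in lines[1:-1]:
        if m := OVERLAY.match(ln):
            entries.append({"kind": "overlay", "name": m["name"],
                            "guid": m["guid"], "state": m["state"]})
        elif m := SCOPE.match(ln):
            entries.append({"kind": "searchscope", "hive": m["hive"], "guid": m["guid"],
                            "default_scope": m["default"] is not None, "url": m["url"]})
        else:
            unrecognised.append(ln)  # review by hand before running the fix
    return entries, unrecognised

if __name__ == "__main__":
    entries, unrecognised = parse_fixlist(SAMPLE)
    for e in entries:
        print(e)
    print("unrecognised:", unrecognised)
```
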


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.