
Internet Explorer

This is a discussion on Internet Explorer within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 09-09-2015, 09:46 AM   #1
Registered Member
 
Join Date: Sep 2015
Posts: 8
OS: windows 7 professional



It appears Internet Explorer is not working correctly. When I open Explorer and go to a site, a window pops up and says that my PC is infected with a virus and is at risk and to call a 1 888 339-6907 number. The message says this is a free service from Microsoft operating system security essentials warning - internet explorer. The window cannot be closed, even using the Ctrl, Alt, Delete keys. I have to shut the computer off and restart. The window says the message in audio as well.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937
Run by Larry Ellerman at 19:46:36 on 2015-09-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8151.4972 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\brss01a.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Program Files (x86)\Nuance\PaperPort\PPScheduler.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Users\Larry Ellerman\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\WINDOWS\SYSWOW64\VMNAT.EXE
C:\Windows\system32\EscSvc64.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mWinlogon: Userinit = userinit.exe,
BHO: {0BB39B40-285C-7D3C-D125-8BB824483DA5} - <orphaned>
BHO: {14626502-0AB1-6A1A-688B-8A56BE0BA3E6} - <orphaned>
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll
BHO: Dragon Web Extension For Internet Explorer: {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Gaaiho PDF Conversion Toolbar Helper: {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: {EFAF857D-DE82-4594-37C4-DE38B18E376A} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Nuance PDF: {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
TB: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
uRun: [PPScheduler] C:\Program Files (x86)\Nuance\PaperPort\PPScheduler.exe
uRun: [Dropbox Update] "C:\Users\Larry Ellerman\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [Nuance OmniPage 17-reminder] "C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
mRun: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
mRun: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
mRun: [Nuance PDF Converter Professional 8-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [Updater] C:\ProgramData\Updater\Updater.exe
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe
mRun: [UsbCipHelper] C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PPort14reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\LARRYE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Larry Ellerman\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\LARRYE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONS~1.LNK - E:\Common\EpsonReg\Ereg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
IE: PlayOn - C:\Program Files (x86)\MediaMall\toolbar\MenuLoad.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {936CEA21-9A68-46D9-A31B-1173A976D896} - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} - hxxps://download.rockwellautomation.com/plugins/rockwell.cab
TCP: NameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{14BBE08A-FC91-482F-895B-63AB1EAAB49A} : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{D18D9B44-0644-4067-9729-F2921BD883CF} : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{F4D6DB83-B252-403B-A6EF-E46FFC13D68E} : DHCPNameServer = 192.168.1.254 75.153.176.9
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs= c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll c:\progra~2\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ShopperMastoEr: {082F2896-8035-557D-7635-6CF07087E6DB} -
x64-BHO: {0BB39B40-285C-7D3C-D125-8BB824483DA5} - <orphaned>
x64-BHO: {14626502-0AB1-6A1A-688B-8A56BE0BA3E6} - <orphaned>
x64-BHO: Dragon Web Extension For Internet Explorer: {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: {EFAF857D-DE82-4594-37C4-DE38B18E376A} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe
x64-Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {936CEA21-9A68-46D9-A31B-1173A976D896} - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-9-8 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-9-8 274808]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-4-28 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-4-28 141920]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-9-14 73296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-9-8 1048344]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-9-8 447944]
R1 VirtualBackplane;A-B Virtual Backplane;C:\Windows\System32\drivers\VirtualBackplane.sys [2013-10-10 51200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-10 203264]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-9-8 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-9-8 90968]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-9-8 146600]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2012-4-29 65536]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DragonLoggerService;Dragon Logger service;C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [2014-7-12 137280]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2014-7-12 339008]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-11-13 135824]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-10 13336]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2015-4-10 5938992]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [2012-10-23 135056]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-7-22 138600]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-7-5 5611280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-10 56344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-10 239616]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-9-8 150672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe [2015-3-28 89840]
S2 uvnc_service;uvnc_service;"C:\Program Files (x86)\UltraVNC\WinVNC.exe" -service --> C:\Program Files (x86)\UltraVNC\WinVNC.exe [?]
S3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe --> C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-11 114688]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-5-10 763904]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-15 59392]
S3 USA19H;USA19H;C:\Windows\System32\drivers\USA19Hx64.sys [2007-10-30 740096]
S3 USA19HP;USA19HP;C:\Windows\System32\drivers\USA19Hx64p.sys [2007-10-23 35840]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2012-4-7 16384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2015-09-08 23:33:31 -------- d-----w- C:\Users\Larry Ellerman\AppData\Roaming\AVAST Software
2015-09-08 23:32:14 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-09-08 23:32:14 150672 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-09-08 23:32:13 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-09-08 23:32:12 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-09-08 23:32:11 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-09-08 23:32:09 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-09-08 23:32:03 1048344 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-09-08 23:31:53 43112 ----a-w- C:\Windows\avastSS.scr
2015-09-08 23:30:59 -------- d-----w- C:\Program Files\AVAST Software
2015-09-08 11:26:34 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{72A8003C-65EF-467F-97FA-5D99345A3105}\mpengine.dll
2015-08-28 22:55:31 -------- d-----w- C:\Sean
2015-08-24 23:54:29 -------- d-----w- C:\Users\Larry Ellerman\AppData\Local\MFAData
2015-08-24 23:54:29 -------- d-----w- C:\Users\Larry Ellerman\AppData\Local\Avg2015
2015-08-24 23:54:29 -------- d-----w- C:\ProgramData\MFAData
2015-08-24 05:13:59 -------- d---a-w- C:\FixMeStick Quarantine
2015-08-23 22:32:58 -------- d-----w- C:\FixMeStick
2015-08-23 03:02:20 -------- d-----w- C:\ProgramData\Malwarebytes
2015-08-23 03:01:06 -------- d-----w- C:\MalawareBytes
2015-08-22 07:00:05 -------- d-----w- C:\Users\Larry Ellerman\AppData\Local\SetupSkin
2015-08-19 09:00:41 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-19 09:00:41 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-19 02:13:27 -------- d-----w- C:\ProgramData\Tarma Installer
2015-08-15 16:11:08 -------- d-----w- C:\Users\Larry Ellerman\AppData\Local\Dropbox
2015-08-15 16:11:08 -------- d-----w- C:\ProgramData\Dropbox
2015-08-15 16:05:30 -------- d-----r- C:\Users\Larry Ellerman\Dropbox
2015-08-15 15:59:07 -------- d-----w- C:\RAF Product Notices
2015-08-12 09:18:49 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:18:49 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 20:14:54 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2015-08-11 20:13:30 82432 ----a-w- C:\Windows\SysWow64\davclnt.dll
.
==================== Find3M ====================
.
2015-08-12 07:10:17 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-12 07:10:17 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 1857 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 1857 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 1857 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 1842 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 1839 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 1835 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 1834 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\Windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:00:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\Windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-16 1906 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-15 18:15:12 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-15 17:53:37 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-07-15 17:53:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-15 17:53:36 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-15 17:53:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-07-15 17:49:10 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-15 17:48:14 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-15 16:46:59 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
.
============= FINISH: 19:46:46.36 ===============
Attached Files
File Type: txt attach.txt (17.9 KB, 31 views)
 
Old 09-09-2015, 10:29 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if they still exist:

LUCkuyCaoupon
QUeEEnnCoupon
saveitkeep.
ShopperMastoEr


These entries are classified as malware, spyware, adware, or other potentially unwanted software.

If any resist uninstallation, just proceed to the next step and let me know about it. Thanks.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Wajam<<Please read this

Please delete the following Folder if it still exists:

C:\Program Files (x86)\Wajam

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "%userprofile%\AppData\Roaming\UpdaterEX"

A DOS window will open and close again; this is normal.

Repeat for the following:

cmd /c rd /s /q "%userprofile%\AppData\Local\Wajam"

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 09-09-2015, 06:31 PM   #3
Registered Member
 
Join Date: Sep 2015
Posts: 8
OS: windows 7 professional



# AdwCleaner v5.007 - Logfile created 09/09/2015 at 19:00:37
# Updated 08/09/2015 by Xplode
# Database : 2015-09-08.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Larry Ellerman - LARRYELLERMAN
# Running from : C:\Users\Larry Ellerman\Desktop\AdwCleaner.exe
# Option : Scan
# Support : Forum - ToolsLib
***** [ Services ] *****

***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\Uninstaller
Folder Found : C:\Program Files (x86)\Video downloader
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Updater
Folder Found : C:\ProgramData\a6eec7c110e14e3d
Folder Found : C:\ProgramData\{44AFD825-9603-4521-9447-A6E1C5CA2F3D}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_to_day
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Found : C:\Users\Larry Ellerman\AppData\Local\genienext
Folder Found : C:\Users\Larry Ellerman\AppData\Local\Mobogenie
Folder Found : C:\Users\Larry Ellerman\AppData\Local\Tuguu_SL
Folder Found : C:\Users\Larry Ellerman\Documents\Mobogenie
***** [ Files ] *****
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Larry Ellerman\daemonprocess.txt
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Public\Desktop\Video Converter.lnk
File Found : C:\Users\Public\Desktop\Video Downloader.lnk
***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ROC_roc_ssl_v12]
Key Found : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Key Found : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{FED6A736-129B-49C7-857E-25FC91E87DB3}]
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Video Converter
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Downloader_is1
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B43919F3-9503-4328-98B1-923836D28B99}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B43919F3-9503-4328-98B1-923836D28B99}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B43919F3-9503-4328-98B1-923836D28B99}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B43919F3-9503-4328-98B1-923836D28B99}
Key Found : HKU\S-1-5-21-337017090-1709695034-3459347675-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B43919F3-9503-4328-98B1-923836D28B99}
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll c:\progra~2\optimi~1\optpro~1.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
***** [ Web browsers ] *****
[C:\Users\Larry Ellerman\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : conduit.search
[C:\Users\Larry Ellerman\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5798 bytes] ##########




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by Larry Ellerman (administrator) on LARRYELLERMAN (09-09-2015 19:17:02)
Running from C:\Users\Larry Ellerman\Desktop
Loaded Profiles: Larry Ellerman (Available Profiles: Larry Ellerman & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\PlayOn.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PPScheduler.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Dropbox, Inc.) C:\Users\Larry Ellerman\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
(Cyberlink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395392 2011-06-22] (Acronis)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [48696 2015-01-30] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [258616 2015-01-30] (Bluebeam Software, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2637824 2011-06-22] (Acronis)
HKLM-x32\...\Run: [Nuance OmniPage 17-reminder] => C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF8 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe [2013072 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Converter Professional 8-reminder] => C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [UsbCipHelper] => C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-07-22] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-07-22] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [333088 2011-05-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-337017090-1709695034-3459347675-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-337017090-1709695034-3459347675-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-337017090-1709695034-3459347675-1000\...\Run: [OpAgent] => "OpAgent.exe" /agent
HKU\S-1-5-21-337017090-1709695034-3459347675-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-12] (Google Inc.)
HKU\S-1-5-21-337017090-1709695034-3459347675-1000\...\Run: [PlayOn] => C:\Program Files (x86)\MediaMall\PlayOn.exe [67904 2015-09-04] (MediaMall Technologies, Inc.)
HKU\S-1-5-21-337017090-1709695034-3459347675-1000\...\Run: [PPScheduler] => C:\Program Files (x86)\Nuance\PaperPort\PPScheduler.exe [104296 2011-07-22] (Nuance Communications, Inc.)
HKU\S-1-5-21-337017090-1709695034-3459347675-1000\...\Run: [Dropbox Update] => C:\Users\Larry Ellerman\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-08] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-03-02]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Larry Ellerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Larry Ellerman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Larry Ellerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk [2013-03-14]
ShortcutTarget: Epson scanner Registration.lnk -> E:\Common\EpsonReg\Ereg.exe (No File)
GroupPolicyUsers\S-1-5-21-337017090-1709695034-3459347675-1000\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-337017090-1709695034-3459347675-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{14BBE08A-FC91-482F-895B-63AB1EAAB49A}: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{D18D9B44-0644-4067-9729-F2921BD883CF}: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{F4D6DB83-B252-403B-A6EF-E46FFC13D68E}: [DhcpNameServer] 192.168.1.254 75.153.176.9
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-337017090-1709695034-3459347675-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-337017090-1709695034-3459347675-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {575DAD9F-FC4B-42F8-B1EF-52FF169D2865} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {575DAD9F-FC4B-42F8-B1EF-52FF169D2865} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-337017090-1709695034-3459347675-1000 -> {575DAD9F-FC4B-42F8-B1EF-52FF169D2865} URL =
SearchScopes: HKU\S-1-5-21-337017090-1709695034-3459347675-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: ShopperMastoEr -> {082F2896-8035-557D-7635-6CF07087E6DB} -> C:\ProgramData\ShopperMastoEr\m.x64.dll No File
BHO: No Name -> {0BB39B40-285C-7D3C-D125-8BB824483DA5} -> No File
BHO: No Name -> {14626502-0AB1-6A1A-688B-8A56BE0BA3E6} -> No File
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-08] (AVAST Software)
BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-08] (Google Inc.)
BHO: No Name -> {EFAF857D-DE82-4594-37C4-DE38B18E376A} -> No File
BHO-x32: No Name -> {0BB39B40-285C-7D3C-D125-8BB824483DA5} -> No File
BHO-x32: No Name -> {14626502-0AB1-6A1A-688B-8A56BE0BA3E6} -> No File
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-08] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-08] (AVAST Software)
BHO-x32: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-08] (Google Inc.)
BHO-x32: Gaaiho PDF Conversion Toolbar Helper -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-08] (Oracle Corporation)
BHO-x32: No Name -> {EFAF857D-DE82-4594-37C4-DE38B18E376A} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-08] (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-08] (Google Inc.)
Toolbar: HKU\S-1-5-21-337017090-1709695034-3459347675-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-337017090-1709695034-3459347675-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-08] (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} hxxps://download.rockwellautomation.com/plugins/rockwell.cab
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-08-13] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-08]
Chrome:
=======
CHR HomePage: Default -> hxxp://portal.sd76.ab.ca/homepage
CHR StartupUrls: Default -> " www.google.com"
CHR Profile: C:\Users\Larry Ellerman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Larry Ellerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-25]
CHR Extension: (Google Docs Offline) - C:\Users\Larry Ellerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Larry Ellerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Larry Ellerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-08]
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-09-24]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-08] (AVAST Software)
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-09-15] () [File not signed]
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) [File not signed]
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5938992 2015-09-04] (MediaMall Technologies, Inc.)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-07-22] (Nuance Communications, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S3 Harmony; "C:\Program Files (x86)\Rockwell Software\RSCommon\RSOBSERV.EXE" [X]
S2 uvnc_service; "C:\Program Files (x86)\UltraVNC\WinVNC.exe" -service [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-09-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-09-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-08] (AVAST Software)
S0 BsStor; C:\Windows\SysWOW64\DRIVERS\bsstor.sys [9344 2002-06-05] (B.H.A Co.,Ltd.) [File not signed]
S2 BsUDF; C:\Windows\SysWow64\Drivers\BsUDF.sys [448640 2002-09-13] (ahead software) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-04-28] (Acronis)
R1 VirtualBackplane; C:\Windows\System32\Drivers\VirtualBackplane.sys [51200 2013-10-10] (Rockwell Automation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-09 19:17 - 2015-09-09 19:18 - 00026874 _____ C:\Users\Larry Ellerman\Desktop\FRST.txt
2015-09-09 19:16 - 2015-09-09 19:17 - 00000000 ____D C:\FRST
2015-09-09 19:14 - 2015-09-09 19:14 - 02190336 _____ (Farbar) C:\Users\Larry Ellerman\Desktop\FRST64.exe
2015-09-09 19:00 - 2015-09-09 19:02 - 00000000 ____D C:\AdwCleaner
2015-09-09 18:57 - 2015-09-09 18:57 - 01660416 _____ C:\Users\Larry Ellerman\Desktop\AdwCleaner.exe
2015-09-09 18:51 - 2015-09-09 18:51 - 01660416 _____ C:\Users\Larry Ellerman\Downloads\AdwCleaner.exe
2015-09-09 13:23 - 2015-09-09 13:23 - 00000000 ____D C:\UltraVNC
2015-09-09 13:08 - 2015-09-09 13:08 - 00001112 _____ C:\Users\Larry Ellerman\Desktop\UltraVNC Viewer.lnk
2015-09-09 13:08 - 2015-09-09 13:08 - 00001095 _____ C:\Users\Larry Ellerman\Desktop\UltraVNC Server.lnk
2015-09-09 13:08 - 2015-09-09 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
2015-09-09 13:08 - 2015-09-09 13:08 - 00000000 ____D C:\Program Files (x86)\uvnc bvba
2015-09-09 13:06 - 2015-09-09 13:06 - 03399792 _____ (uvnc bvba ) C:\Users\Larry Ellerman\Downloads\UltraVNC_1_2_06_X86_Setup (1).exe
2015-09-09 13:06 - 2015-09-09 13:06 - 02962072 _____ (uvnc bvba ) C:\Users\Larry Ellerman\Downloads\UltraVNC_1_2_06_X64_Setup.exe
2015-09-09 13:05 - 2015-09-09 13:05 - 03399792 _____ (uvnc bvba ) C:\Users\Larry Ellerman\Downloads\UltraVNC_1_2_06_X86_Setup.exe
2015-09-09 08:30 - 2015-08-05 11:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 08:30 - 2015-08-05 11:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 08:30 - 2015-08-05 11:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 08:30 - 2015-08-05 11:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 08:29 - 2015-08-17 19:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 08:29 - 2015-08-17 19:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 08:29 - 2015-08-15 00:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 08:29 - 2015-08-15 00:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 08:29 - 2015-08-15 00:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 08:29 - 2015-08-15 00:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 08:29 - 2015-08-15 00:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 08:29 - 2015-08-15 00:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 08:29 - 2015-08-15 00:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 08:29 - 2015-08-15 00:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 08:29 - 2015-08-15 00:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 08:29 - 2015-08-15 00:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 08:29 - 2015-08-15 00:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 08:29 - 2015-08-15 00:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 08:29 - 2015-08-15 00:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 08:29 - 2015-08-15 00:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 08:29 - 2015-08-15 00:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 08:29 - 2015-08-15 00:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 08:29 - 2015-08-15 00:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 08:29 - 2015-08-15 00:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 08:29 - 2015-08-14 23:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 08:29 - 2015-08-14 23:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 08:29 - 2015-08-14 23:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 08:29 - 2015-08-14 23:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 08:29 - 2015-08-14 23:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 08:29 - 2015-08-14 23:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 08:29 - 2015-08-14 23:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 08:29 - 2015-08-14 23:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 08:29 - 2015-08-14 23:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 08:29 - 2015-08-14 23:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 08:29 - 2015-08-14 23:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 08:29 - 2015-08-14 23:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 08:29 - 2015-08-14 23:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 08:29 - 2015-08-14 23:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 08:29 - 2015-08-14 23:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 08:29 - 2015-08-14 23:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 08:29 - 2015-08-14 23:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 08:29 - 2015-08-14 23:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 08:29 - 2015-08-14 23:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 08:29 - 2015-08-14 23:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 08:29 - 2015-08-14 23:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 08:29 - 2015-08-14 23:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 08:29 - 2015-08-14 23:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 08:29 - 2015-08-14 23:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 08:29 - 2015-08-14 23:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 08:29 - 2015-08-14 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 08:29 - 2015-08-14 23:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 08:29 - 2015-08-14 23:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 08:29 - 2015-08-14 23:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 08:29 - 2015-08-14 23:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 08:29 - 2015-08-14 23:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 08:29 - 2015-08-14 23:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 08:29 - 2015-08-14 23:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 08:29 - 2015-08-14 23:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 08:29 - 2015-08-14 23:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 08:29 - 2015-08-14 22:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 08:29 - 2015-08-14 22:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 08:29 - 2015-08-14 22:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 08:29 - 2015-08-14 22:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 08:29 - 2015-08-14 22:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 08:29 - 2015-07-14 21:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 08:29 - 2015-07-14 20:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 08:29 - 2015-07-09 11:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 08:29 - 2015-07-09 11:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 08:29 - 2015-07-09 11:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-09 08:29 - 2015-07-09 11:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-09 08:28 - 2015-09-01 21:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 08:28 - 2015-09-01 21:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 08:28 - 2015-09-01 21:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 08:28 - 2015-09-01 21:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 08:28 - 2015-09-01 20:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-09 08:28 - 2015-09-01 20:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 08:28 - 2015-09-01 20:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-09 08:28 - 2015-09-01 20:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-09 08:28 - 2015-09-01 19:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 08:28 - 2015-09-01 19:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 08:28 - 2015-09-01 19:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 08:28 - 2015-08-27 12:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 08:28 - 2015-08-27 12:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 08:28 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 08:28 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 08:28 - 2015-08-27 11:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 08:28 - 2015-08-27 11:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 08:28 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-09 08:28 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-09 08:28 - 2015-08-26 12:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 08:28 - 2015-08-26 12:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 08:28 - 2015-08-26 12:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 08:28 - 2015-08-26 12:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 08:28 - 2015-08-26 12:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 08:28 - 2015-08-26 12:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 08:28 - 2015-08-26 12:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 08:28 - 2015-08-26 12:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 08:28 - 2015-08-26 12:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 08:28 - 2015-08-26 12:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 08:28 - 2015-08-26 12:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 08:28 - 2015-08-26 11:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 08:28 - 2015-08-26 11:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 08:28 - 2015-08-26 11:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 08:28 - 2015-08-26 11:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-09 08:28 - 2015-08-26 11:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 08:28 - 2015-08-04 12:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-09 08:28 - 2015-08-04 12:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-09 08:28 - 2015-08-04 11:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 08:28 - 2015-08-04 11:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 08:28 - 2015-08-04 11:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 08:28 - 2015-08-04 11:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 08:28 - 2015-08-04 11:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 08:28 - 2015-08-04 11:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 08:28 - 2015-08-04 10:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 08:28 - 2015-07-22 18:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 08:28 - 2015-07-22 18:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 08:28 - 2015-07-22 18:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 08:28 - 2015-07-22 18:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 08:28 - 2015-07-22 18:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-09 08:28 - 2015-07-22 18:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-09 08:28 - 2015-07-22 18:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-09 08:28 - 2015-07-22 18:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 08:28 - 2015-07-22 18:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 08:28 - 2015-07-22 18:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 08:28 - 2015-07-22 18:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-09 08:28 - 2015-07-22 18:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-09 08:28 - 2015-07-22 18:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 08:28 - 2015-07-22 18:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 08:28 - 2015-07-22 17:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 08:28 - 2015-07-22 17:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 17:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 08:28 - 2015-07-22 11:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-09 08:28 - 2015-07-22 11:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-09 08:28 - 2015-07-22 11:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-09 08:28 - 2015-07-22 11:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-09 08:28 - 2015-07-22 11:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-09 08:28 - 2015-07-22 11:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-09 08:28 - 2015-07-22 11:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-09 08:28 - 2015-07-22 11:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-09 08:28 - 2015-07-22 11:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-09 08:28 - 2015-07-22 11:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-09 08:28 - 2015-07-22 11:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-09 08:28 - 2015-07-22 11:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-09 08:28 - 2015-07-22 11:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 10:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 08:28 - 2015-07-22 10:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 08:28 - 2015-07-22 10:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 08:28 - 2015-07-22 10:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 08:28 - 2015-07-22 10:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-09 08:28 - 2015-07-22 10:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-09 08:28 - 2015-07-22 10:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 08:28 - 2015-07-22 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 08:28 - 2015-06-25 04:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 08:28 - 2015-06-25 04:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 08:28 - 2015-06-25 04:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 08:28 - 2015-06-25 03:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-08 20:53 - 2015-09-08 20:53 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-08 20:53 - 2015-09-08 20:53 - 00000000 ____D C:\Users\Larry Ellerman\AppData\Roaming\Sun
2015-09-08 20:53 - 2015-09-08 20:53 - 00000000 ____D C:\Users\Larry Ellerman\.oracle_jre_usage
2015-09-08 20:53 - 2015-09-08 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-08 20:52 - 2015-09-08 20:52 - 00000000 ____D C:\ProgramData\Oracle
2015-09-08 20:52 - 2015-09-08 20:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-08 20:51 - 2015-09-08 20:51 - 00584288 _____ (Oracle Corporation) C:\Users\Larry Ellerman\Downloads\chromeinstall-8u60 (3).exe
2015-09-08 20:50 - 2015-09-08 20:50 - 00584288 _____ (Oracle Corporation) C:\Users\Larry Ellerman\Downloads\chromeinstall-8u60 (2).exe
2015-09-08 20:47 - 2015-09-08 20:47 - 00584288 _____ (Oracle Corporation) C:\Users\Larry Ellerman\Downloads\chromeinstall-8u60 (1).exe
2015-09-08 20:42 - 2015-09-08 20:42 - 00584288 _____ (Oracle Corporation) C:\Users\Larry Ellerman\Downloads\chromeinstall-8u60.exe
2015-09-08 19:45 - 2015-09-08 19:46 - 00029541 _____ C:\Users\Larry Ellerman\Desktop\dds.txt
2015-09-08 19:45 - 2015-09-08 19:46 - 00018315 _____ C:\Users\Larry Ellerman\Desktop\attach.txt
2015-09-08 19:42 - 2015-09-08 19:42 - 00688992 ____R (Swearware) C:\Users\Larry Ellerman\Desktop\dds.scr
2015-09-08 19:42 - 2015-09-08 19:42 - 00688992 _____ (Swearware) C:\Users\Larry Ellerman\Downloads\dds (1).scr
2015-09-08 19:29 - 2015-09-08 19:29 - 00688992 _____ (Swearware) C:\Users\Larry Ellerman\Downloads\dds.scr
2015-09-08 17:33 - 2015-09-08 17:33 - 00000000 ____D C:\Users\Larry Ellerman\AppData\Roaming\AVAST Software
2015-09-08 17:32 - 2015-09-09 08:10 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-08 17:32 - 2015-09-08 17:32 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-09-08 17:32 - 2015-09-08 17:32 - 00001884 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-08 17:32 - 2015-09-08 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-08 17:32 - 2015-09-08 17:31 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-08 17:32 - 2015-09-08 17:31 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-08 17:32 - 2015-09-08 17:31 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-08 17:32 - 2015-09-08 17:31 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-08 17:32 - 2015-09-08 17:31 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-08 17:32 - 2015-09-08 17:31 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-08 17:32 - 2015-09-08 17:31 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-08 17:32 - 2015-09-08 17:31 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-08 17:31 - 2015-09-08 17:31 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-08 17:30 - 2015-09-08 17:30 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-08 17:28 - 2015-09-08 17:28 - 05685704 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-09-07 08:12 - 2015-09-07 08:12 - 00000000 ____D C:\Users\Larry Ellerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-28 16:55 - 2015-08-28 16:57 - 00000000 ____D C:\Sean
2015-08-27 05:20 - 2015-08-27 05:07 - 01036854 _____ C:\Users\Larry Ellerman\Desktop\PDVD_001.BMP
2015-08-27 05:20 - 2015-08-27 05:07 - 01036854 _____ C:\Users\Larry Ellerman\Desktop\PDVD_000.BMP
2015-08-26 16:18 - 2015-08-26 16:19 - 00000593 _____ C:\Users\Larry Ellerman\Downloads\outlook.ics
2015-08-24 17:54 - 2015-08-24 17:55 - 00000000 ____D C:\ProgramData\MFAData
2015-08-24 17:54 - 2015-08-24 17:54 - 00000000 ____D C:\Users\Larry Ellerman\AppData\Local\MFAData
2015-08-24 17:54 - 2015-08-24 17:54 - 00000000 ____D C:\Users\Larry Ellerman\AppData\Local\Avg2015
2015-08-24 17:53 - 2015-08-24 17:53 - 05091576 _____ (AVG Technologies) C:\Users\Larry Ellerman\Downloads\avg_avc_stb_all_2015_ltst_534.exe
2015-08-24 17:52 - 2015-08-24 17:52 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Larry Ellerman\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-08-23 23:13 - 2015-09-08 11:12 - 00000000 ____D C:\FixMeStick Quarantine
2015-08-23 16:32 - 2015-09-08 08:44 - 00000000 ____D C:\FixMeStick
2015-08-22 21:47 - 2015-08-22 21:47 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-22 21:02 - 2015-08-22 21:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-22 21:01 - 2015-08-22 21:01 - 00000000 ____D C:\MalawareBytes
2015-08-22 01:00 - 2015-08-22 01:00 - 00000000 ____D C:\Users\Larry Ellerman\AppData\Local\SetupSkin
2015-08-18 20:13 - 2015-08-18 20:13 - 00000000 ____D C:\Users\Larry Ellerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2015-08-15 10:11 - 2015-09-09 19:16 - 00000954 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-337017090-1709695034-3459347675-1000UA.job
2015-08-15 10:11 - 2015-08-28 10:16 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-337017090-1709695034-3459347675-1000Core.job
2015-08-15 10:11 - 2015-08-15 10:11 - 00003942 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-337017090-1709695034-3459347675-1000UA
2015-08-15 10:11 - 2015-08-15 10:11 - 00003546 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-337017090-1709695034-3459347675-1000Core
2015-08-15 10:11 - 2015-08-15 10:11 - 00000000 ____D C:\Users\Larry Ellerman\AppData\Local\Dropbox
2015-08-15 10:11 - 2015-08-15 10:11 - 00000000 ____D C:\ProgramData\Dropbox
2015-08-15 10:05 - 2015-09-09 19:07 - 00000000 ___RD C:\Users\Larry Ellerman\Dropbox
2015-08-15 10:05 - 2015-08-15 10:05 - 00001057 _____ C:\Users\Larry Ellerman\Desktop\Dropbox.lnk
2015-08-15 09:59 - 2015-08-15 10:27 - 00000000 ____D C:\RAF Product Notices
2015-08-12 03:18 - 2015-07-30 07:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:18 - 2015-07-30 07:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 14:15 - 2015-07-28 14:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 14:15 - 2015-07-28 14:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 14:15 - 2015-07-28 14:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 14:15 - 2015-07-28 14:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 14:15 - 2015-07-28 14:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 14:15 - 2015-07-28 14:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 14:15 - 2015-07-28 14:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 14:15 - 2015-07-28 13:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 14:15 - 2015-07-15 12:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 14:15 - 2015-07-15 12:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 14:15 - 2015-07-15 12:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 14:14 - 2015-07-14 21:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 14:14 - 2015-07-10 11:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 14:14 - 2015-07-10 11:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 14:14 - 2015-07-10 11:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 14:14 - 2015-07-10 11:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 14:14 - 2015-07-10 11:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 14:14 - 2015-07-10 11:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 14:13 - 2015-07-30 12:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 14:13 - 2015-07-30 12:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 14:13 - 2015-07-30 12:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 14:13 - 2015-07-30 11:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 14:13 - 2015-07-30 11:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 14:13 - 2015-07-10 11:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 14:13 - 2015-07-10 11:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 14:13 - 2015-07-09 11:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 14:13 - 2015-07-09 11:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 14:13 - 2015-07-09 11:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 14:13 - 2015-07-01 14:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 14:13 - 2015-07-01 14:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 14:13 - 2015-07-01 14:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 14:13 - 2015-07-01 14:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 14:13 - 2015-05-09 12:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-09 19:18 - 2010-05-10 15:54 - 00000000 ____D C:\ProgramData\Temp
2015-09-09 19:18 - 2009-07-13 22:45 - 00031536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-09 19:18 - 2009-07-13 22:45 - 00031536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-09 19:14 - 2010-08-26 15:54 - 01967335 _____ C:\Windows\WindowsUpdate.log
2015-09-09 19:10 - 2012-06-10 21:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-09 19:07 - 2015-04-14 12:09 - 00000000 ____D C:\ProgramData\MediaMall
2015-09-09 19:07 - 2014-05-12 20:34 - 00000000 ____D C:\Users\Larry Ellerman\AppData\Roaming\Dropbox
2015-09-09 19:06 - 2012-03-26 08:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-09 19:05 - 2014-09-14 15:31 - 00000000 ____D C:\ProgramData\VMware
2015-09-09 19:05 - 2012-04-29 10:22 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-09 19:04 - 2012-03-26 08:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-09 19:04 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-09 19:04 - 2009-07-13 22:51 - 00079380 _____ C:\Windows\setupact.log
2015-09-09 19:03 - 2011-07-08 18:31 - 02382656 _____ C:\Windows\PFRO.log
2015-09-09 19:02 - 2011-07-08 12:14 - 00000000 ____D C:\Users\Larry Ellerman
2015-09-09 13:25 - 2009-07-13 23:13 - 00800658 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-09 13:24 - 2012-04-06 08:29 - 00000000 ____D C:\Users\Larry Ellerman\AppData\Roaming\UltraVNC
2015-09-09 11:28 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-09-09 10:26 - 2009-07-13 22:45 - 00452656 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 10:23 - 2009-07-14 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 10:23 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 08:53 - 2013-08-16 03:02 - 00000000 ____D C:\Windows\system32\MRT
2015-09-09 08:53 - 2012-03-13 19:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-08 20:28 - 2012-12-10 20:53 - 00000000 ____D C:\Danielle
2015-09-08 18:13 - 2015-07-10 07:39 - 00000000 ___HD C:\$Windows.~BT
2015-09-08 17:59 - 2010-05-10 16:35 - 00000000 ____D C:\Windows\Panther
2015-09-08 17:26 - 2012-03-26 08:52 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-08 08:38 - 2013-06-29 06:37 - 00000000 ____D C:\Rita
2015-09-07 18:01 - 2012-03-26 08:53 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-07 18:01 - 2012-03-26 08:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-07 08:12 - 2015-04-14 12:10 - 00000000 ____D C:\Program Files (x86)\MediaMall
2015-08-28 16:55 - 2013-07-22 17:38 - 00000000 ____D C:\1
2015-08-26 18:37 - 2011-07-08 13:04 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-24 17:46 - 2012-04-06 08:27 - 00000000 ____D C:\Program Files (x86)\UltraVNC
2015-08-23 16:30 - 2014-09-09 17:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-08-22 22:16 - 2012-04-29 15:10 - 00029372 _____ C:\Users\Larry Ellerman\Desktop\The Weather Network Medicine Hat Alberta Canada.url
2015-08-22 21:48 - 2014-04-25 20:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-22 21:41 - 2015-02-23 22:02 - 00002217 _____ C:\Users\Larry Ellerman\Desktop\Google Chrome.lnk
2015-08-22 20:26 - 2014-07-05 10:08 - 00000000 ____D C:\ProgramData\QUeEEnnCoupon
2015-08-20 16:27 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-19 07:29 - 2015-05-10 09:34 - 00000000 __SHD C:\Users\Larry Ellerman\Documents\SearchVerity
2015-08-18 20:13 - 2015-03-01 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2015-08-18 20:13 - 2012-03-04 09:11 - 00000000 ____D C:\Program Files (x86)\Nuance
2015-08-18 19:58 - 2012-03-04 09:12 - 00000000 ____D C:\Users\Larry Ellerman\AppData\Roaming\.oit
2015-08-17 17:19 - 2015-03-31 21:56 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-14 06:04 - 2015-07-05 16:49 - 00000933 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-08-14 06:04 - 2015-07-05 16:49 - 00000921 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-08-13 20:04 - 2012-04-07 08:09 - 00000000 ___RD C:\Users\Larry Ellerman\Virtual Machines
2015-08-12 03:37 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 03:37 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:35 - 2014-12-10 04:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 03:35 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:18 - 2013-03-14 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 01:10 - 2012-06-10 21:14 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 01:10 - 2012-06-10 21:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 01:10 - 2012-06-10 21:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== Files in the root of some directories =======
2012-09-08 12:31 - 2015-06-14 20:33 - 0000135 _____ () C:\Users\Larry Ellerman\AppData\Roaming\default.rss
2014-11-22 22:40 - 2015-03-08 09:27 - 0000047 _____ () C:\Users\Larry Ellerman\AppData\Roaming\redline2stapler.tmp
2015-03-29 20:03 - 2015-03-29 20:03 - 0002515 _____ () C:\Users\Larry Ellerman\AppData\Roaming\SAS7_000.DAT
2012-06-24 12:25 - 2012-06-24 12:25 - 0000136 _____ () C:\Users\Larry Ellerman\AppData\Roaming\wklnhst.dat
2015-02-07 17:51 - 2015-02-07 17:51 - 0004096 ____H () C:\Users\Larry Ellerman\AppData\Local\keyfile3.drm
2012-04-29 09:48 - 2012-04-29 09:48 - 0068106 _____ () C:\Users\Larry Ellerman\AppData\Local\RAContactHistory.xml
2013-06-23 20:52 - 2013-06-23 20:52 - 0000017 _____ () C:\Users\Larry Ellerman\AppData\Local\resmon.resmoncfg
2013-03-14 21:22 - 2013-03-14 21:22 - 0418403 _____ () C:\Users\Larry Ellerman\AppData\Local\tmpIMG001.0
2013-03-14 21:22 - 2013-03-14 21:22 - 0323471 _____ () C:\Users\Larry Ellerman\AppData\Local\tmpIMG001.JPG
2013-12-28 21:02 - 2013-12-28 21:02 - 0145583 _____ () C:\Users\Larry Ellerman\AppData\Local\tmpPHOTO (4).0
2013-12-28 21:02 - 2013-12-28 21:02 - 0054692 _____ () C:\Users\Larry Ellerman\AppData\Local\tmpPHOTO (4).JPG
2012-11-07 19:15 - 2012-11-07 19:15 - 0266727 _____ () C:\Users\Larry Ellerman\AppData\Local\tmpPHOTO 1.0
2012-11-07 19:15 - 2012-11-07 19:15 - 0102279 _____ () C:\Users\Larry Ellerman\AppData\Local\tmpPHOTO 1.JPG
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\SetupA2.exe
C:\Users\Administrator\AppData\Local\Temp\SetupAC.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\AcDeltree.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\avguidx.dll
C:\Users\Larry Ellerman\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl7mypp.dll
C:\Users\Larry Ellerman\AppData\Local\Temp\EdRegAcd.dll
C:\Users\Larry Ellerman\AppData\Local\Temp\fcrzcke1.dll
C:\Users\Larry Ellerman\AppData\Local\Temp\FMS1C19.tmp.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\FMS2B4B.tmp.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\FMS3746.tmp.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\FMS7DD8.tmp.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\FMSBC3D.tmp.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\FMSC6D8.tmp.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\FMSFAA.tmp.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\getPlusUninst_Rockwell.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\GLF8527.tmp.dll
C:\Users\Larry Ellerman\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\nidt5lri.dll
C:\Users\Larry Ellerman\AppData\Local\Temp\oi_{310BC1DA-599C-4B1B-A373-946BBDE31D11}.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\ose00000.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\PPUpdate.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\sqlite3.dll
C:\Users\Larry Ellerman\AppData\Local\Temp\tmpAF9A.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\UNINSTALL.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\UninstallRC-8876480.dll
C:\Users\Larry Ellerman\AppData\Local\Temp\UnUsb.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\vzpcr1z0.dll
C:\Users\Larry Ellerman\AppData\Local\Temp\WSS.EXE
C:\Users\Larry Ellerman\AppData\Local\Temp\y2aga0m0.dll
C:\Users\Larry Ellerman\AppData\Local\Temp\_is3B99.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\_is40AB.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\_isA6CA.exe
C:\Users\Larry Ellerman\AppData\Local\Temp\_isAE5B.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-07 18:32
==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (53.6 KB, 19 views)
gyro1 is offline  
Old 09-10-2015, 07:59 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello gyro1.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Updater << Please read this

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\ProgramData\Updater"

A DOS window will open and close again; this is normal.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe.
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {9BBD7AA1-04BB-47BF-AD5E-FAFB03437703} - \DVDAgent -> No File <==== ATTENTION
    Task: {A9CF6998-23A1-4F5B-89B8-36CAB0AF0B9C} - \DNSCONTRERAS -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
    AlternateDataStreams: C:\ProgramData\Temp:9B013599
    AlternateDataStreams: C:\ProgramData\Temp:AEC0AC81
    AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3
    Startup: C:\Users\Larry Ellerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk [2013-03-14]
    ShortcutTarget: Epson scanner Registration.lnk -> E:\Common\EpsonReg\Ereg.exe (No File)
    GroupPolicyUsers\S-1-5-21-337017090-1709695034-3459347675-1000\User: Restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-337017090-1709695034-3459347675-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: ShopperMastoEr -> {082F2896-8035-557D-7635-6CF07087E6DB} -> C:\ProgramData\ShopperMastoEr\m.x64.dll No File
    BHO: No Name -> {0BB39B40-285C-7D3C-D125-8BB824483DA5} -> No File
    BHO: No Name -> {14626502-0AB1-6A1A-688B-8A56BE0BA3E6} -> No File
    BHO: No Name -> {EFAF857D-DE82-4594-37C4-DE38B18E376A} -> No File
    BHO-x32: No Name -> {0BB39B40-285C-7D3C-D125-8BB824483DA5} -> No File
    BHO-x32: No Name -> {14626502-0AB1-6A1A-688B-8A56BE0BA3E6} -> No File
    BHO-x32: No Name -> {EFAF857D-DE82-4594-37C4-DE38B18E376A} -> No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    BHO-x32: No Name -> {EFAF857D-DE82-4594-37C4-DE38B18E376A} -> No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [X]
    2015-08-22 20:26 - 2014-07-05 10:08 - 00000000 ____D C:\ProgramData\QUeEEnnCoupon
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-10-2015, 09:40 AM   #5
Registered Member
 
Join Date: Sep 2015
Posts: 8
OS: windows 7 professional



Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015
Ran by Larry Ellerman (2015-09-10 10:27:40) Run:1
Running from C:\Users\Larry Ellerman\Desktop
Loaded Profiles: Larry Ellerman (Available Profiles: Larry Ellerman & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
createrestorepoint:
Task: {9BBD7AA1-04BB-47BF-AD5E-FAFB03437703} - \DVDAgent -> No File <==== ATTENTION
Task: {A9CF6998-23A1-4F5B-89B8-36CAB0AF0B9C} - \DNSCONTRERAS -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:9B013599
AlternateDataStreams: C:\ProgramData\Temp:AEC0AC81
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3
Startup: C:\Users\Larry Ellerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk [2013-03-14]
ShortcutTarget: Epson scanner Registration.lnk -> E:\Common\EpsonReg\Ereg.exe (No File)
GroupPolicyUsers\S-1-5-21-337017090-1709695034-3459347675-1000\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-337017090-1709695034-3459347675-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ShopperMastoEr -> {082F2896-8035-557D-7635-6CF07087E6DB} -> C:\ProgramData\ShopperMastoEr\m.x64.dll No File
BHO: No Name -> {0BB39B40-285C-7D3C-D125-8BB824483DA5} -> No File
BHO: No Name -> {14626502-0AB1-6A1A-688B-8A56BE0BA3E6} -> No File
BHO: No Name -> {EFAF857D-DE82-4594-37C4-DE38B18E376A} -> No File
BHO-x32: No Name -> {0BB39B40-285C-7D3C-D125-8BB824483DA5} -> No File
BHO-x32: No Name -> {14626502-0AB1-6A1A-688B-8A56BE0BA3E6} -> No File
BHO-x32: No Name -> {EFAF857D-DE82-4594-37C4-DE38B18E376A} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
BHO-x32: No Name -> {EFAF857D-DE82-4594-37C4-DE38B18E376A} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [X]
2015-08-22 20:26 - 2014-07-05 10:08 - 00000000 ____D C:\ProgramData\QUeEEnnCoupon
EmptyTemp:
*****************
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9BBD7AA1-04BB-47BF-AD5E-FAFB03437703}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BBD7AA1-04BB-47BF-AD5E-FAFB03437703}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DVDAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A9CF6998-23A1-4F5B-89B8-36CAB0AF0B9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9CF6998-23A1-4F5B-89B8-36CAB0AF0B9C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSCONTRERAS => key not found.
C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.
C:\ProgramData\Temp => ":9B013599" ADS removed successfully.
C:\ProgramData\Temp => ":AEC0AC81" ADS removed successfully.
C:\ProgramData\Temp => ":FD9CE1F3" ADS removed successfully.
C:\Users\Larry Ellerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk => moved successfully
E:\Common\EpsonReg\Ereg.exe => not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-337017090-1709695034-3459347675-1000\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-337017090-1709695034-3459347675-1000\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{082F2896-8035-557D-7635-6CF07087E6DB}" => key removed successfully
"HKCR\CLSID\{082F2896-8035-557D-7635-6CF07087E6DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BB39B40-285C-7D3C-D125-8BB824483DA5}" => key removed successfully
HKCR\CLSID\{0BB39B40-285C-7D3C-D125-8BB824483DA5} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14626502-0AB1-6A1A-688B-8A56BE0BA3E6}" => key removed successfully
HKCR\CLSID\{14626502-0AB1-6A1A-688B-8A56BE0BA3E6} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFAF857D-DE82-4594-37C4-DE38B18E376A}" => key removed successfully
HKCR\CLSID\{EFAF857D-DE82-4594-37C4-DE38B18E376A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BB39B40-285C-7D3C-D125-8BB824483DA5}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0BB39B40-285C-7D3C-D125-8BB824483DA5} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14626502-0AB1-6A1A-688B-8A56BE0BA3E6}" => key removed successfully
HKCR\Wow6432Node\CLSID\{14626502-0AB1-6A1A-688B-8A56BE0BA3E6} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFAF857D-DE82-4594-37C4-DE38B18E376A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{EFAF857D-DE82-4594-37C4-DE38B18E376A} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFAF857D-DE82-4594-37C4-DE38B18E376A} => key not found.
HKCR\Wow6432Node\CLSID\{EFAF857D-DE82-4594-37C4-DE38B18E376A} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value not found.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
{55662437-DA8C-40c0-AADA-2C816A897A49} => service removed successfully
C:\ProgramData\QUeEEnnCoupon => moved successfully
EmptyTemp: => 7.6 GB temporary data Removed.

The system needed a reboot..
==== End of Fixlog 10:32:07 ====
gyro1 is offline  
Old 09-10-2015, 11:51 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, gyro1. How is the machine behaving? Any improvement?

Please download ComboFix and save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go to File > New Task (Run...), type explorer, then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-10-2015, 03:02 PM   #7
Registered Member
 
Join Date: Sep 2015
Posts: 8
OS: windows 7 professional



ComboFix 15-09-07.01 - Larry Ellerman 10/09/2015 13:10:00.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8151.5870 [GMT -6:00]
Running from: c:\users\Larry Ellerman\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Larry Ellerman\AppData\Roaming\redline2stapler.tmp
c:\windows\SysWow64\AdobePDF.dll
c:\windows\SysWow64\SETAE59.tmp
c:\windows\SysWow64\SETBFAA.tmp
c:\windows\SysWow64\SETC8A2.tmp
c:\windows\SysWow64\SETCCAA.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uvnc_service
.
.
((((((((((((((((((((((((( Files Created from 2015-08-10 to 2015-09-10 )))))))))))))))))))))))))))))))
.
.
2015-09-10 01:16 . 2015-09-10 16:35 -------- d-----w- C:\FRST
2015-09-10 01:00 . 2015-09-10 01:02 -------- d-----w- C:\AdwCleaner
2015-09-09 19:23 . 2015-09-09 19:23 -------- d-----w- C:\UltraVNC
2015-09-09 19:08 . 2015-09-09 19:08 -------- d-----w- c:\program files (x86)\uvnc bvba
2015-09-09 14:29 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-09 14:28 . 2015-07-23 00:06 5568960 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-09-09 14:07 . 2015-09-09 14:07 -------- d-----w- c:\windows\SysWow64\config\systemprofile\.oracle_jre_usage
2015-09-09 02:53 . 2015-09-09 02:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-09-09 02:53 . 2015-09-09 02:53 -------- d-----w- c:\users\Larry Ellerman\.oracle_jre_usage
2015-09-09 02:53 . 2015-09-09 02:53 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-09-09 02:52 . 2015-09-09 02:52 -------- d-----w- c:\programdata\Oracle
2015-09-09 02:52 . 2015-09-09 02:52 -------- d-----w- c:\program files (x86)\Java
2015-09-08 23:33 . 2015-09-08 23:33 -------- d-----w- c:\users\Larry Ellerman\AppData\Roaming\AVAST Software
2015-09-08 23:32 . 2015-09-08 23:31 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-09-08 23:32 . 2015-09-08 23:31 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-09-08 23:32 . 2015-09-08 23:31 150672 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-09-08 23:32 . 2015-09-08 23:31 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-09-08 23:32 . 2015-09-08 23:31 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-09-08 23:32 . 2015-09-08 23:31 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-09-08 23:32 . 2015-09-08 23:31 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-09-08 23:32 . 2015-09-08 23:32 1048344 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-09-08 23:32 . 2015-09-08 23:31 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-09-08 23:31 . 2015-09-08 23:31 43112 ----a-w- c:\windows\avastSS.scr
2015-09-08 23:30 . 2015-09-08 23:30 -------- d-----w- c:\program files\AVAST Software
2015-09-08 11:26 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72A8003C-65EF-467F-97FA-5D99345A3105}\mpengine.dll
2015-08-28 22:55 . 2015-08-28 22:57 -------- d-----w- C:\Sean
2015-08-24 23:54 . 2015-08-24 23:55 -------- d-----w- c:\programdata\MFAData
2015-08-24 23:54 . 2015-08-24 23:54 -------- d-----w- c:\users\Larry Ellerman\AppData\Local\MFAData
2015-08-24 23:54 . 2015-08-24 23:54 -------- d-----w- c:\users\Larry Ellerman\AppData\Local\Avg2015
2015-08-24 05:13 . 2015-09-08 17:12 -------- d---a-w- C:\FixMeStick Quarantine
2015-08-23 22:32 . 2015-09-08 14:44 -------- d-----w- C:\FixMeStick
2015-08-23 03:02 . 2015-08-23 03:02 -------- d-----w- c:\programdata\Malwarebytes
2015-08-23 03:01 . 2015-08-23 03:01 -------- d-----w- C:\MalawareBytes
2015-08-22 07:00 . 2015-08-22 07:00 -------- d-----w- c:\users\Larry Ellerman\AppData\Local\SetupSkin
2015-08-15 16:11 . 2015-08-15 16:11 -------- d-----w- c:\users\Larry Ellerman\AppData\Local\Dropbox
2015-08-15 16:11 . 2015-08-15 16:11 -------- d-----w- c:\programdata\Dropbox
2015-08-15 16:05 . 2015-09-10 16:37 -------- d-----r- c:\users\Larry Ellerman\Dropbox
2015-08-15 15:59 . 2015-08-15 16:27 -------- d-----w- C:\RAF Product Notices
2015-08-12 09:18 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:18 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 20:15 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-11 20:15 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-11 20:15 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-11 20:15 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-11 20:15 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-11 20:15 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-11 20:15 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-11 20:15 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-11 20:15 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-08-11 20:15 . 2015-07-15 18:15 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-11 20:15 . 2015-07-15 18:10 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-11 20:15 . 2015-07-15 18:02 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
2015-08-11 20:14 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-11 20:14 . 2015-07-10 17:51 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-08-11 20:14 . 2015-07-10 17:51 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-08-11 20:14 . 2015-07-10 17:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-11 20:14 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-11 20:14 . 2015-07-10 17:33 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-11 20:14 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-27 00:37 . 2011-07-08 19:04 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-08-12 07:10 . 2012-06-11 03:14 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-12 07:10 . 2012-06-11 03:14 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-22 17:53 . 2015-09-09 14:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-04 18:07 . 2015-07-16 02:03 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-16 02:03 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-23 19:30 . 2011-07-08 18:44 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 17:47 . 2015-07-16 02:04 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-16 02:04 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-17 07:01 . 2015-06-17 07:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-15 21:45 . 2015-07-16 02:03 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-16 02:03 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:44 . 2015-07-16 02:03 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-16 02:03 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-16 02:03 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:42 . 2015-07-16 02:03 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-16 02:03 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-16 02:03 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-13 2068856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-12 39408]
"PlayOn"="c:\program files (x86)\MediaMall\PlayOn.exe" [2015-09-05 67904]
"PPScheduler"="c:\program files (x86)\Nuance\PaperPort\PPScheduler.exe" [2011-07-23 104296]
"Dropbox Update"="c:\users\Larry Ellerman\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-08-15 136048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-22 2637824]
"Nuance OmniPage 17-reminder"="c:\program files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"PDF8 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 8\RegistryController.exe" [2012-10-24 178576]
"PDFProHook"="c:\program files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe" [2012-10-24 2013072]
"Nuance PDF Converter Professional 8-reminder"="c:\program files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" [2012-10-11 333712]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-13 2068856]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-07-23 30568]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-07-23 46952]
"PPort14reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2011-05-16 333088]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" [2014-05-30 325960]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-08 6111824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
.
c:\users\Larry Ellerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Larry Ellerman\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-3-19 39175960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-3-2 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\System32\DRIVERS\bsstor.sys;c:\windows\SYSNATIVE\DRIVERS\bsstor.sys [x]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [x]
R2 BsUDF;InCD UDF Driver; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19Hx64.sys;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64.sys [x]
R3 USA19HP;USA19HP;c:\windows\system32\DRIVERS\USA19Hx64p.SYS;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64p.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\System32\Drivers\VirtualBackplane.sys;c:\windows\SYSNATIVE\Drivers\VirtualBackplane.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DragonLoggerService;Dragon Logger service;c:\program files (x86)\Common Files\Nuance\loggerservice.exe;c:\program files (x86)\Common Files\Nuance\loggerservice.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe;c:\program files (x86)\MediaMall\MediaMallServer.exe [x]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-08 00:07 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 07:10]
.
2015-08-28 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-337017090-1709695034-3459347675-1000Core.job
- c:\users\Larry Ellerman\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-15 16:11]
.
2015-09-10 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-337017090-1709695034-3459347675-1000UA.job
- c:\users\Larry Ellerman\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-15 16:11]
.
2015-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 00:00]
.
2015-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 00:00]
.
2015-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-08 23:31 778056 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-22 395392]
"BbInstallUser"="c:\program files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe" [2015-01-30 48696]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe" [2015-01-30 258616]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-07-12 170280]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 8 - c:\program files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
IE: PlayOn - file://c:\program files (x86)\MediaMall\toolbar\MenuLoad.htm
TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{D18D9B44-0644-4067-9729-F2921BD883CF}: DhcpNameServer = 192.168.1.254 75.153.176.9
DPF: {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} - hxxps://download.rockwellautomation.com/plugins/rockwell.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
Wow6432Node-HKCU-Run-OpAgent - OpAgent.exe
Wow6432Node-HKLM-Run-HP Remote Solution - c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
Wow6432Node-HKLM-Run-UsbCipHelper - c:\program files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-HP Remote Solution - c:\programdata\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.exe
AddRemove-InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A} - c:\program files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe
AddRemove-{C611CF88-969D-43E6-A877-D6D6439DD081} - c:\programdata\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.exe
AddRemove-{DCCAD079-F92C-44DA-B258-624FC6517A5A} - c:\program files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\brsvc01a.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\windows\SYSWOW64\VMNAT.EXE
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SYSWOW64\VMNETDHCP.EXE
.
**************************************************************************
.
Completion time: 2015-09-10 13:32:08 - machine was rebooted
ComboFix-quarantined-files.txt 2015-09-10 19:32
.
Pre-Run: 127,208,783,872 bytes free
Post-Run: 126,628,966,400 bytes free
.
- - End Of File - - F87458A386C4BE0630D5E307A57EE2F4
gyro1 is offline  
Old 09-10-2015, 06:56 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, gyro1. You didn't answer my question. How is the machine behaving?

Do you still use UltraVNC? ComboFix took out its service. Will that be a problem? Let me know. I can restore it.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Your Java is out of date.

Java(TM) 8 Update 60 can be updated from the Java Control Panel. Go Start > Control Panel > Programs > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it. Also, let Java remove older versions if prompted.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-11-2015, 09:14 PM   #9
Registered Member
 
Join Date: Sep 2015
Posts: 8
OS: windows 7 professional



Malwarebytes did not find any threats. Java said there is the latest Java platform on this computer.

ESET Online Scanner results

C:\Files From Old Computer\Business Card Software\cardworkssetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\Utilities\WinZip\winzip190mul.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Utility Programs\Avast\ARO2011_bt.exe a variant of Win32/Systweak potentially unwanted application
L:\Danielle\Utility Programs\Avast\ARO2011_bt.exe a variant of Win32/Systweak potentially unwanted application
gyro1 is offline  
Old 09-11-2015, 09:18 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're welcome.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Remove any log left over from an earlier run.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Try to delete each file flagged by the ESET scan and record any that survive.
for %%g in (

"C:\Files From Old Computer\Business Card Software\cardworkssetup.exe"
"C:\Utilities\WinZip\winzip190mul.exe"
"C:\Utility Programs\Avast\ARO2011_bt.exe"
"L:\Danielle\Utility Programs\Avast\ARO2011_bt.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


rem Show the list of leftovers in Notepad, or report success.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem Remove this batch file once it has run.
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
chemist is offline  
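The step from the ESET results to the hard-coded file list in fix.bat, as an added example that is not part of either post: this Python sketch parses the four report lines as they appear in this thread, groups them by category, and emits the quoted paths in the form the batch loop takes. The function names and the regular expression are assumptions of the example, and the line layout is taken from this page rather than from an ESET specification.

```python
import ntpath
import re
from collections import defaultdict

# The four result lines from the ESET post above, as they appear on this page
# (path, detection name and category separated by single spaces).
ESET_REPORT = r"""
C:\Files From Old Computer\Business Card Software\cardworkssetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\Utilities\WinZip\winzip190mul.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Utility Programs\Avast\ARO2011_bt.exe a variant of Win32/Systweak potentially unwanted application
L:\Danielle\Utility Programs\Avast\ARO2011_bt.exe a variant of Win32/Systweak potentially unwanted application
"""

# Paths contain spaces, so anchor on the detection name instead: the first
# token shaped like Platform/Name, optionally preceded by "a variant of".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<detection>[\w.-]+/[\w.-]+)\s+(?P<category>.+)$"
)

def parse_eset(text):
    """Return (records, rejects); rejects are lines the pattern did not match."""
    records, rejects = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            rejects.append(line)
            continue
        records.append({"path": m["path"], "detection": m["detection"],
                        "variant": bool(m["variant"]), "category": m["category"]})
    return records, rejects

def summarize(records):
    """Group paths by category and list file names flagged in several places."""
    by_category, by_name = defaultdict(list), defaultdict(list)
    for r in records:
        by_category[r["category"]].append(r["path"])
        by_name[ntpath.basename(r["path"]).lower()].append(r["path"])
    copies = {n: p for n, p in by_name.items() if len(p) > 1}
    return dict(by_category), copies

def batch_list(records):
    """Quoted paths, one per line, in the form the for-loop in fix.bat takes."""
    return "\n".join('"{}"'.format(r["path"]) for r in records)

if __name__ == "__main__":
    recs, bad = parse_eset(ESET_REPORT)
    print(summarize(recs), bad, batch_list(recs), sep="\n")
```

Lines that do not match the pattern are returned as rejects rather than dropped, so a changed report layout shows up instead of silently shortening the list.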
Old 09-12-2015, 06:50 AM   #11
Registered Member
 
Join Date: Sep 2015
Posts: 8
OS: windows 7 professional



The message that came up says

"Deleted Successfully!!"
"Press any key to continue"
gyro1 is offline  
Old 09-12-2015, 12:08 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Your logs appear clean. You should be good to go.

Please disable avast! before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

Support - Windows Help

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
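How the HOSTS-file blocking described above looks in practice, as an added example that is not part of the original post: the Python below parses HOSTS content, lists the names sinkholed to a loopback or unspecified address, and flags any entry that maps a name to some other address, which is worth reviewing during cleanup. The sample content, the domains and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not from the thread): blocklist-style
# sinkhole entries, one mapping to a remote address, and one malformed line.
SAMPLE_HOSTS = """\
# constructed example
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.net  tracker.example.net   # two names on one line
0.0.0.0     banner.example.org
203.0.113.7 update.example.com    # points at a remote address
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (lineno, ip, hostname); ip is None when the address is invalid."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, line
            continue
        for host in fields[1:]:               # one line may map several names
            yield lineno, ip, host.lower()

def audit_hosts(text):
    """Sort entries into sinkholed names, redirects to review, and bad lines."""
    report = {"sinkholed": [], "redirected": [], "malformed": []}
    for lineno, ip, host in parse_hosts(text):
        if ip is None:
            report["malformed"].append((lineno, host))
        elif host == "localhost" and ip.is_loopback:
            continue                          # the standard default entries
        elif ip.is_loopback or ip.is_unspecified:
            report["sinkholed"].append(host)  # 127.0.0.1, ::1 or 0.0.0.0
        else:
            report["redirected"].append((lineno, host, str(ip)))
    return report

if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, entries)
```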
Old 09-12-2015, 12:49 PM   #13
Registered Member
 
Join Date: Sep 2015
Posts: 8
OS: windows 7 professional



I will follow your recommendations, thank you very, very much.

Larry
gyro1 is offline  
Old 09-12-2015, 12:56 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, Larry! Glad to have helped.
chemist is offline  
 
