Possible firewall breach via Scam

This is a discussion on Possible firewall breach via Scam within the Resolved HJT Threads forums, part of the Tech Support Forum category.

10-02-2015, 05:26 PM   #1
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



My wife was on the computer checking email or Facebook when apparently a blue screen came up (with beeping) with all kinds of warnings about a possible security breach and a Toll Free number to call.
Sorry to say, she bought it hook, line and sinker and called the number.
Tried selling her some fix or whatnot.

She called me and suddenly I am in a three way phone call with someone giving me options for a fix at X$ per year for protection, etc.

Obvious scam.

Came home and see that a Citrix remote access window was opened. Yikes!!

Restarted CPU and all seems fine for now.

Changed bank passwords via iPhones

The CPU is less than a year old and does not have a lot of files on it (purchased Nov 2014 - Costco with Windows 7 installed)

If someone could take a look...I would greatly appreciate it.

Thanks So Much


______________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18015
Run by Home at 17:56:02 on 2015-10-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8097.6653 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\stacsv64.exe
C:\windows\system32\igfxCUIService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\Explorer.EXE
C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\igfxEM.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\igfxHK.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\APPINTEGRATOR.EXE
C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\AppIntegrator64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: <No Name>: {9b138bf3-1d40-4e7e-84bb-2975198ad938} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll
mWinlogon: Userinit = userinit.exe
BHO: Toolbar BHO: {0297a026-3011-46d3-ad62-bb9a7612aea7} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll
BHO: Search Assistant BHO: {7d69ed06-0171-4379-9528-08df51092727} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: CouponXplorer: {65C72339-FB1D-4155-84E1-9AFACEE02D6F} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll
TB: CouponXplorer: {65c72339-fb1d-4155-84e1-9afacee02d6f} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CouponXplorer EPM Support] "C:\PROGRA~2\COUPON~2\bar\1.bin\5zmedint.exe" T8EPMSUP.DLL,S
mRun: [CouponXplorer AppIntegrator 32-bit] C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator.exe
mRun: [CouponXplorer AppIntegrator 64-bit] C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator64.exe
mRun: [CouponXplorer Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\5zsrchmn.exe" /m=2 /w /h
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{01752DED-C1AD-45E7-B665-D0CB9F2D5047} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [BoxSync] "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-8-29 644968]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-8-29 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-11-7 20464]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\drivers\CLVirtualDrive.sys [2014-5-2 91912]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-9-2 77104]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-10-21 2774104]
R2 CouponXplorer_5zService;CouponXplorerService;C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe [2015-1-8 90696]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 99128]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\windows\System32\igfxCUIService.exe [2015-7-26 328296]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-5-2 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-5-2 169432]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-11-7 368624]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-11-7 790000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-5-2 272088]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-12-27 805088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 AmUStor;AM USB Stroage Driver;C:\windows\System32\drivers\AmUStor.sys [2013-7-18 83224]
S3 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2015-2-10 28696]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-5-2 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-9-9 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-10-5 1255736]
.
=============== Created Last 30 ================
.
2015-10-02 21:58:24 11062400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE87DF5A-0DA5-4E5B-B17B-25A7C95C7C27}\mpengine.dll
2015-10-02 21:47:13 -------- d-----w- C:\Program Files (x86)\Citrix
2015-10-02 21:46:50 -------- d-----w- C:\Users\Home\AppData\Local\Citrix
2015-09-20 16:57:21 -------- d-----w- C:\Program Files\iPod
2015-09-20 16:57:21 -------- d-----w- C:\Program Files (x86)\iTunes
2015-09-20 16:57:20 -------- d-----w- C:\Program Files\iTunes
2015-09-20 16:55:53 -------- d-----w- C:\Program Files\Bonjour
2015-09-20 16:55:53 -------- d-----w- C:\Program Files (x86)\Bonjour
2015-09-09 16:07:08 692672 ----a-w- C:\windows\System32\winload.efi
.
==================== Find3M ====================
.
2015-09-22 13:12:08 780488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 13:12:08 142536 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-02 03:04:49 41984 ----a-w- C:\windows\System32\lpk.dll
2015-09-02 03:04:46 100864 ----a-w- C:\windows\System32\fontsub.dll
2015-09-02 03:04:44 14336 ----a-w- C:\windows\System32\dciman32.dll
2015-09-02 03:04:42 46080 ----a-w- C:\windows\System32\atmlib.dll
2015-09-02 02:48:31 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2015-09-02 02:47:18 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2015-09-02 01:51:28 3209216 ----a-w- C:\windows\System32\win32k.sys
2015-09-02 01:47:08 372736 ----a-w- C:\windows\System32\atmfd.dll
2015-09-02 01:33:48 299520 ----a-w- C:\windows\SysWow64\atmfd.dll
2015-08-26 18:07:11 98304 ----a-w- C:\windows\System32\wudriver.dll
2015-08-26 18:07:11 3165696 ----a-w- C:\windows\System32\wucltux.dll
2015-08-26 18:07:11 192000 ----a-w- C:\windows\System32\wuwebv.dll
2015-08-26 1843 91136 ----a-w- C:\windows\System32\WinSetupUI.dll
2015-08-26 1833 12288 ----a-w- C:\windows\System32\wu.upgrade.ps.dll
2015-08-26 1830 37376 ----a-w- C:\windows\System32\wuapp.exe
2015-08-26 17:56:25 93184 ----a-w- C:\windows\SysWow64\wudriver.dll
2015-08-26 17:56:25 173056 ----a-w- C:\windows\SysWow64\wuwebv.dll
2015-08-26 17:55:37 34816 ----a-w- C:\windows\SysWow64\wuapp.exe
2015-08-15 06:34:10 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2015-08-15 06:33:56 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2015-08-15 06:18:47 66560 ----a-w- C:\windows\System32\iesetup.dll
2015-08-15 06:18:00 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2015-08-15 06:17:54 417792 ----a-w- C:\windows\System32\html.iec
2015-08-15 06:17:49 585216 ----a-w- C:\windows\System32\vbscript.dll
2015-08-15 06:17:25 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2015-08-15 06:04:47 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2015-08-15 06:04:46 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2015-08-15 06:04:25 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2015-08-15 06:00:44 5923328 ----a-w- C:\windows\System32\jscript9.dll
2015-08-15 05:57:20 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2015-08-15 05:53:22 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-08-15 05:46:15 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2015-08-15 05:40:29 504832 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-08-15 05:40:12 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-08-15 05:39:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2015-08-15 05:39:22 341504 ----a-w- C:\windows\SysWow64\html.iec
2015-08-15 05:38:34 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2015-08-15 05:29:36 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-08-15 05:29:12 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2015-08-15 05:22:47 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2015-08-15 05:22:03 2126336 ----a-w- C:\windows\System32\inetcpl.cpl
2015-08-15 05:16:37 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-08-15 05:10:32 4520448 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-08-15 05:07:28 2427392 ----a-w- C:\windows\System32\wininet.dll
2015-08-15 05:01:47 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-08-15 05:01:23 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2015-08-15 04:43:00 1951232 ----a-w- C:\windows\SysWow64\wininet.dll
2015-08-13 09:23:07 118 ----a-w- C:\windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-12 22:03:42 96528 ----a-w- C:\windows\System32\dns-sd.exe
2015-08-12 22:03:42 86288 ----a-w- C:\windows\System32\dnssd.dll
2015-08-12 22:03:42 61712 ----a-w- C:\windows\System32\jdns_sd.dll
2015-08-12 22:03:42 213264 ----a-w- C:\windows\System32\dnssdX.dll
2015-08-12 22:03:38 84240 ----a-w- C:\windows\SysWow64\dns-sd.exe
2015-08-12 22:03:38 72976 ----a-w- C:\windows\SysWow64\dnssd.dll
2015-08-12 22:03:38 50960 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2015-08-12 22:03:38 178960 ----a-w- C:\windows\SysWow64\dnssdX.dll
2015-08-06 23:31:12 425 ----a-w- C:\windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-08-06 17:43:02 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2015-08-06 17:43:02 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2015-08-05 17:56:14 1110016 ----a-w- C:\windows\System32\schedsvc.dll
2015-08-05 17:56:07 24576 ----a-w- C:\windows\System32\jnwmon.dll
2015-08-05 17:56:06 275456 ----a-w- C:\windows\System32\InkEd.dll
2015-08-05 17:40:50 216064 ----a-w- C:\windows\SysWow64\InkEd.dll
2015-08-04 18:00:24 616360 ----a-w- C:\windows\System32\winresume.efi
2015-08-04 17:56:54 63488 ----a-w- C:\windows\System32\setbcdlocale.dll
2015-08-04 17:56:37 59392 ----a-w- C:\windows\System32\appidapi.dll
2015-08-04 17:56:37 32768 ----a-w- C:\windows\System32\appidsvc.dll
2015-08-04 17:55:57 17920 ----a-w- C:\windows\System32\appidcertstorecheck.exe
2015-08-04 17:55:57 147456 ----a-w- C:\windows\System32\appidpolicyconverter.exe
2015-08-04 17:47:42 50688 ----a-w- C:\windows\SysWow64\appidapi.dll
2015-08-04 16:58:09 61440 ----a-w- C:\windows\System32\drivers\appid.sys
2015-07-30 1857 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2015-07-30 1857 1648128 ----a-w- C:\windows\System32\DWrite.dll
2015-07-30 1857 1180160 ----a-w- C:\windows\System32\FntCache.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\windows\SysWow64\DWrite.dll
2015-07-30 13:13:38 103120 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13:11 124624 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 18:15:12 5568960 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-07-15 18:15:11 94656 ----a-w- C:\windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
.
============= FINISH: 17:56:18.39 ===============
Attached Files
File Type: txt attach.txt (6.0 KB, 60 views)
verstellung77 is offline  
10-03-2015, 02:38 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF. You're very welcome.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

Let me know your intentions for an antivirus program, and/or if you need a suggestion.

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

CouponXplorer Internet Explorer Toolbar << Please read here

Also delete the following Folder if it still exists:

C:\Program Files (x86)\CouponXplorer_5z

------------------------------------------------------

Quote:
Came home and see that a Citrix remote access window was opened. Yikes!!
Uninstall Citrix Online Launcher via Programs and Features if it is still listed.

------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\windows\System32\winload.efi

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
10-04-2015, 05:50 PM   #3
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



Thanks again...


I always had AVG antivirus on cpus before.
Got this new one, an IT guy at work said Windows Antivirus got things that their program missed.
I'm all for doing AVG again if you think that is best.

uninstalled CouponXplorer Internet Explorer Toolbar
uninstalled Citrix online launcher

can not delete C:\Programfiles(x86)\couponexplorer_5z
says can't delete due to file open

did not go past this
verstellung77 is offline  
10-05-2015, 01:17 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello verstellung77. Don't worry about that folder, we can delete it later.

Install Microsoft Security Essentials:

Microsoft Security Essentials - Microsoft Windows

Now follow the rest of the previous instructions.

------------------------------------------------------
chemist is offline  
10-08-2015, 05:31 PM   #5
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18015
Run by Home at 18:23:18 on 2015-10-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8097.6417 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\stacsv64.exe
C:\windows\system32\igfxCUIService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\igfxEM.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\igfxHK.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\windows\system32\taskhost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_19_0_0_185_ActiveX.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\WebBar\2.0.5749.22382\wb.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_41_ssg01&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyDyDtDzztC0AyDtC0AyDyDtN0D0Tzu0StCtAyByCtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0DyBtByEtBzy0E0DtG0FtD0ByDtGyE0ByByEtGzz0CtA0FtG0FzzyC0CtAyB0ByEtC0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtCyByEyE0C0CzytG0CtD0A0CtGyEtDzytAtGzy0DtDyDtG0DzyyByD0EyEzzyD0E0C0D0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDzzyB%26cr%3D609395369%26a%3Dwncy_bimmed_15_41_ssg01%26os%3DWindows%2B7%2BHome%2BPremium
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [GoogleChromeAutoLaunch_9110AE79EC4ABE44F7DF18841DA0806F] "C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CouponXplorer AppIntegrator 32-bit] C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator.exe
mRun: [CouponXplorer AppIntegrator 64-bit] C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator64.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [CouponXplorer_5zbar Uninstall] rundll32 C:\PROGRA~2\5ZUNIN~1.DLL,O -3 uninstalltype=IE
dRunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{01752DED-C1AD-45E7-B665-D0CB9F2D5047} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [BoxSync] "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-8-29 644968]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-8-29 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-11-7 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\drivers\CLVirtualDrive.sys [2014-5-2 91912]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-9-2 77104]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-10-21 2774104]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 99128]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\windows\System32\igfxCUIService.exe [2015-7-26 328296]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-5-2 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-5-2 169432]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2015-3-4 124568]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-11-7 368624]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-11-7 790000]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-5-2 272088]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-12-27 805088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 wbsvc;Web Bar Service (wbsvc);C:\Program Files\WebBar\wbsvc.exe [2015-10-8 37144]
S3 AmUStor;AM USB Stroage Driver;C:\windows\System32\drivers\AmUStor.sys [2013-7-18 83224]
S3 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2015-2-10 28696]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-5-2 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-9-9 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-10-5 1255736]
.
=============== Created Last 30 ================
.
2015-10-09 00:20:54 -------- d-----w- C:\Users\Home\AppData\Local\Chromium
2015-10-09 00:20:42 -------- d-----w- C:\Users\Home\AppData\Roaming\updates
2015-10-09 00:20:32 -------- d-----w- C:\Users\Home\AppData\Local\PRO_PC_Cleaner_Soft
2015-10-09 00:19:33 -------- d-----w- C:\Users\Home\AppData\Local\{AE8198DD-8A29-F465-E7B1-D18DC3D92D15}
2015-10-09 00:19:27 -------- d-----w- C:\Users\Home\AppData\Local\WebBar
2015-10-09 00:19:23 -------- d-----w- C:\Program Files (x86)\PRO PC Cleaner Soft
2015-10-09 00:19:21 -------- d-----w- C:\Users\Home\AppData\Local\Programs
2015-10-09 00:19:21 -------- d-----w- C:\Program Files\WebBar
2015-10-09 00:17:10 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{99E9FF9C-5058-403D-AD73-420BFF9E4F9E}\offreg.4636.dll
2015-10-08 15:28:30 11062400 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{99E9FF9C-5058-403D-AD73-420BFF9E4F9E}\mpengine.dll
2015-10-07 11:17:21 11062400 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-06 11:04:00 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55B02E04-7C2E-438C-B414-A00F5E48709A}\gapaengine.dll
2015-10-06 11:01:17 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2015-10-06 11:01:15 -------- d-----w- C:\Program Files\Microsoft Security Client
2015-10-06 11:00:34 -------- d-----w- C:\f760cb5b8642fc8c3089ab499b6a2c14
2015-10-05 00:24:37 196488 ----a-w- C:\Program Files (x86)\5zres.dll
2015-10-05 00:24:37 1037896 ----a-w- C:\Program Files (x86)\5zUninstall CouponXplorer.dll
2015-10-02 21:58:24 11062400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE87DF5A-0DA5-4E5B-B17B-25A7C95C7C27}\mpengine.dll
2015-10-02 21:47:13 -------- d-----w- C:\Program Files (x86)\Citrix
2015-10-02 21:46:50 -------- d-----w- C:\Users\Home\AppData\Local\Citrix
2015-09-20 16:57:21 -------- d-----w- C:\Program Files\iPod
2015-09-20 16:57:21 -------- d-----w- C:\Program Files (x86)\iTunes
2015-09-20 16:57:20 -------- d-----w- C:\Program Files\iTunes
2015-09-20 16:55:53 -------- d-----w- C:\Program Files\Bonjour
2015-09-20 16:55:53 -------- d-----w- C:\Program Files (x86)\Bonjour
2015-09-09 16:07:08 692672 ----a-w- C:\windows\System32\winload.efi
.
==================== Find3M ====================
.
2015-09-22 13:12:08 780488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 13:12:08 142536 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-02 03:04:49 41984 ----a-w- C:\windows\System32\lpk.dll
2015-09-02 03:04:46 100864 ----a-w- C:\windows\System32\fontsub.dll
2015-09-02 03:04:44 14336 ----a-w- C:\windows\System32\dciman32.dll
2015-09-02 03:04:42 46080 ----a-w- C:\windows\System32\atmlib.dll
2015-09-02 02:48:31 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2015-09-02 02:47:18 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2015-09-02 01:51:28 3209216 ----a-w- C:\windows\System32\win32k.sys
2015-09-02 01:47:08 372736 ----a-w- C:\windows\System32\atmfd.dll
2015-09-02 01:33:48 299520 ----a-w- C:\windows\SysWow64\atmfd.dll
2015-08-26 18:07:11 98304 ----a-w- C:\windows\System32\wudriver.dll
2015-08-26 18:07:11 3165696 ----a-w- C:\windows\System32\wucltux.dll
2015-08-26 18:07:11 192000 ----a-w- C:\windows\System32\wuwebv.dll
2015-08-26 1843 91136 ----a-w- C:\windows\System32\WinSetupUI.dll
2015-08-26 1833 12288 ----a-w- C:\windows\System32\wu.upgrade.ps.dll
2015-08-26 1830 37376 ----a-w- C:\windows\System32\wuapp.exe
2015-08-26 17:56:25 93184 ----a-w- C:\windows\SysWow64\wudriver.dll
2015-08-26 17:56:25 173056 ----a-w- C:\windows\SysWow64\wuwebv.dll
2015-08-26 17:55:37 34816 ----a-w- C:\windows\SysWow64\wuapp.exe
2015-08-15 06:34:10 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2015-08-15 06:33:56 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2015-08-15 06:18:47 66560 ----a-w- C:\windows\System32\iesetup.dll
2015-08-15 06:18:00 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2015-08-15 06:17:54 417792 ----a-w- C:\windows\System32\html.iec
2015-08-15 06:17:49 585216 ----a-w- C:\windows\System32\vbscript.dll
2015-08-15 06:17:25 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2015-08-15 06:04:47 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2015-08-15 06:04:46 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2015-08-15 06:04:25 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2015-08-15 06:00:44 5923328 ----a-w- C:\windows\System32\jscript9.dll
2015-08-15 05:57:20 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2015-08-15 05:53:22 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-08-15 05:46:15 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2015-08-15 05:40:29 504832 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-08-15 05:40:12 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-08-15 05:39:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2015-08-15 05:39:22 341504 ----a-w- C:\windows\SysWow64\html.iec
2015-08-15 05:38:34 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2015-08-15 05:29:36 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-08-15 05:29:12 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2015-08-15 05:22:47 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2015-08-15 05:22:03 2126336 ----a-w- C:\windows\System32\inetcpl.cpl
2015-08-15 05:16:37 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-08-15 05:10:32 4520448 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-08-15 05:07:28 2427392 ----a-w- C:\windows\System32\wininet.dll
2015-08-15 05:01:47 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-08-15 05:01:23 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2015-08-15 04:43:00 1951232 ----a-w- C:\windows\SysWow64\wininet.dll
2015-08-13 09:23:07 118 ----a-w- C:\windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-12 22:03:42 96528 ----a-w- C:\windows\System32\dns-sd.exe
2015-08-12 22:03:42 86288 ----a-w- C:\windows\System32\dnssd.dll
2015-08-12 22:03:42 61712 ----a-w- C:\windows\System32\jdns_sd.dll
2015-08-12 22:03:42 213264 ----a-w- C:\windows\System32\dnssdX.dll
2015-08-12 22:03:38 84240 ----a-w- C:\windows\SysWow64\dns-sd.exe
2015-08-12 22:03:38 72976 ----a-w- C:\windows\SysWow64\dnssd.dll
2015-08-12 22:03:38 50960 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2015-08-12 22:03:38 178960 ----a-w- C:\windows\SysWow64\dnssdX.dll
2015-08-06 23:31:12 425 ----a-w- C:\windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-08-06 17:43:02 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2015-08-06 17:43:02 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2015-08-05 17:56:14 1110016 ----a-w- C:\windows\System32\schedsvc.dll
2015-08-05 17:56:07 24576 ----a-w- C:\windows\System32\jnwmon.dll
2015-08-05 17:56:06 275456 ----a-w- C:\windows\System32\InkEd.dll
2015-08-05 17:40:50 216064 ----a-w- C:\windows\SysWow64\InkEd.dll
2015-08-04 18:00:24 616360 ----a-w- C:\windows\System32\winresume.efi
2015-08-04 17:56:54 63488 ----a-w- C:\windows\System32\setbcdlocale.dll
2015-08-04 17:56:37 59392 ----a-w- C:\windows\System32\appidapi.dll
2015-08-04 17:56:37 32768 ----a-w- C:\windows\System32\appidsvc.dll
2015-08-04 17:55:57 17920 ----a-w- C:\windows\System32\appidcertstorecheck.exe
2015-08-04 17:55:57 147456 ----a-w- C:\windows\System32\appidpolicyconverter.exe
2015-08-04 17:47:42 50688 ----a-w- C:\windows\SysWow64\appidapi.dll
2015-08-04 16:58:09 61440 ----a-w- C:\windows\System32\drivers\appid.sys
2015-07-30 1857 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2015-07-30 1857 1648128 ----a-w- C:\windows\System32\DWrite.dll
2015-07-30 1857 1180160 ----a-w- C:\windows\System32\FntCache.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\windows\SysWow64\DWrite.dll
2015-07-30 13:13:38 103120 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13:11 124624 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 18:15:12 5568960 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-07-15 18:15:11 94656 ----a-w- C:\windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
.
============= FINISH: 18:23:32.80 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/3/2014 7:31:02 PM
System Uptime: 10/8/2015 5:48:33 AM (13 hours ago)
.
Motherboard: Hewlett-Packard | | 2AF7
Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz | | 3400/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 852.662 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.883 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP106: 9/15/2015 10:16:28 AM - Windows Update
RP107: 9/22/2015 7:22:47 AM - Windows Update
RP108: 9/25/2015 9:28:10 AM - Windows Update
RP109: 9/29/2015 8:25:29 AM - Windows Update
RP110: 10/2/2015 3:58:17 PM - Windows Update
RP111: 10/4/2015 6:16:57 PM - HPSF Applying updates
RP112: 10/4/2015 6:35:09 PM - Removed Citrix Online Launcher
RP113: 10/6/2015 5:03:43 AM - Windows Update
RP114: 10/7/2015 3:00:17 AM - Windows Update
.
==== Installed Programs ======================
.
4 Elements II
7-Zip 9.20 (x64 edition)
Adobe Flash Player 19 ActiveX
Adobe Reader X (10.1.12) MUI
Alcor Micro USB Card Reader Driver
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Bejeweled 3
Blackhawk Striker 2
Bonjour
Box Sync
Canon MX890 series MP Drivers
Canon MX890 series On-screen Manual
Chromium
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Power2Go 8
D3DX10
DisableMSDefender
Dora's World Adventure
Escape the Emerald Star
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
Golden Trails 2: The Lost Legacy Collector's Edition
Hewlett-Packard ACLM.NET v1.2.2.3
Hoyle Card Games
HP Customer Experience Enhancements
HP Desktop Keyboard
HP Documentation
HP Games
HP PC Hardware Diagnostics UEFI
HP Postscript Converter
HP Setup
HP Support Assistant
HP Support Information
iCloud
IDT Audio
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Luxor HD
Mah Jong Medley
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office Home and Student 2013 - en-us
Microsoft Security Client
Microsoft Security Essentials
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mortimer Beckett and the Crimson Thief Premium Edition
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
My Farm Life 2
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
opensource
Penguins!
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Poker Superstars III
Polar Bowler
Polar Golfer
PRO PC Cleaner Soft
Qualcomm Atheros Driver Installation Program
QuickTime 7
Realtek Card Reader
Recovery Manager
Roads of Rome 3
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft .NET Framework 4.5 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5 (KB2898864)
Security Update for Microsoft .NET Framework 4.5 (KB2901118)
Security Update for Microsoft .NET Framework 4.5 (KB2931368)
Security Update for Microsoft .NET Framework 4.5 (KB2972107)
Security Update for Microsoft .NET Framework 4.5 (KB2972216)
Security Update for Microsoft .NET Framework 4.5 (KB2978128)
Security Update for Microsoft .NET Framework 4.5 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5 (KB3023224)
Security Update for Microsoft .NET Framework 4.5 (KB3035490)
Security Update for Microsoft .NET Framework 4.5 (KB3037581)
Security Update for Microsoft .NET Framework 4.5 (KB3074230)
Security Update for Microsoft .NET Framework 4.5 (KB3074550)
Skype™ 6.11
Tales of Lagoona
Torchlight
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Web Bar 2.0.5749.22382
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Youda Fisherman
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
10/8/2015 6:15:09 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
10/2/2015 5:21:38 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
10/1/2015 7:42:24 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
.
==== End Of File ===========================

Farbar Service Scanner Version: 26-07-2015
Ran by Home (administrator) on 08-10-2015 at 18:30:28
Running from "C:\Users\Home\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
verstellung77 is offline  
Old 10-08-2015, 06:19 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, verstellung77. Who installed PRO PC Cleaner Soft?

It appears you didn't follow my last instructions.

I'll post them again...

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\windows\System32\winload.efi

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-10-2015, 04:46 PM   #7
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



My Apologies...I thought I did it correctly.


Please go to: VirusTotal
Click the Choose File button.
Please copy/paste the following bolded text into the 'File name:' box:

C:\windows\System32\winload.efi


When I paste C:\windows\System32\winload.efi it says file not found.
verstellung77 is offline  
Old 10-10-2015, 04:50 PM   #8
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



Please download AdwCleaner from here and save it to your desktop.
Do NOT click the green 'Download' button (if visible).
Click the blue 'Download now @bleepingcomputer' button.


This I thought I did correctly.
When I go to the page today, there is no Blue "download now @bleepingcomputer"
Only green.
verstellung77 is offline  
Old 10-10-2015, 04:55 PM   #9
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



FARBAR Logs

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-10-2015
Ran by Home (administrator) on HOME-HP (10-10-2015 17:51:55)
Running from C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8X4P9HDN
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Web Bar Media) C:\Program Files\WebBar\2.0.5749.22382\wb.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_185_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-13] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-13] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [456808 2015-07-26] ()
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5817760 2015-07-27] (Box, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-11-07] (Intel Corporation)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CouponXplorer AppIntegrator 32-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [CouponXplorer AppIntegrator 64-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\RunOnce: [CouponXplorer_5zbar Uninstall] => rundll32 C:\PROGRA~2\5ZUNIN~1.DLL,O -3 uninstalltype=IE
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2209216096-135292408-1765737723-1001\...\Run: [GoogleChromeAutoLaunch_9110AE79EC4ABE44F7DF18841DA0806F] => C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{01752DED-C1AD-45E7-B665-D0CB9F2D5047}: [DhcpNameServer] 192.168.0.1 205.171.3.25

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2209216096-135292408-1765737723-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_41_ssg01&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyDyDtDzztC0AyDtC0AyDyDtN0D0Tzu0StCtAyByCtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0DyBtByEtBzy0E0DtG0FtD0ByDtGyE0ByByEtGzz0CtA0FtG0FzzyC0CtAyB0ByEtC0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtCyByEyE0C0CzytG0CtD0A0CtGyEtDzytAtGzy0DtDyDtG0DzyyByD0EyEzzyD0E0C0D0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDzzyB%26cr%3D609395369%26a%3Dwncy_bimmed_15_41_ssg01%26os%3DWindows%2B7%2BHome%2BPremium
HKU\S-1-5-21-2209216096-135292408-1765737723-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_41_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyDyDtDzztC0AyDtC0AyDyDtN0D0Tzu0StCtAyByCtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0DyBtByEtBzy0E0DtG0FtD0ByDtGyE0ByByEtGzz0CtA0FtG0FzzyC0CtAyB0ByEtC0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtCyByEyE0C0CzytG0CtD0A0CtGyEtDzytAtGzy0DtDyDtG0DzyyByD0EyEzzyD0E0C0D0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDzzyB%26cr%3D609395369%26a%3Dwncy_bimmed_15_41_ssg01%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_41_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyDyDtDzztC0AyDtC0AyDyDtN0D0Tzu0StCtAyByCtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0DyBtByEtBzy0E0DtG0FtD0ByDtGyE0ByByEtGzz0CtA0FtG0FzzyC0CtAyB0ByEtC0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtCyByEyE0C0CzytG0CtD0A0CtGyEtDzytAtGzy0DtDyDtG0DzyyByD0EyEzzyD0E0C0D0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDzzyB%26cr%3D609395369%26a%3Dwncy_bimmed_15_41_ssg01%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {68DD5566-3B94-4A87-BC7B-97A82EDD7801} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm554^YYA^us&si=331&ptb=87D7BE1A-7F96-48AF-BDCD-1A4796F264C2&ind=2015010813&n=781a9ffd&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {68DD5566-3B94-4A87-BC7B-97A82EDD7801} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_41_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyDyDtDzztC0AyDtC0AyDyDtN0D0Tzu0StCtAyByCtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0DyBtByEtBzy0E0DtG0FtD0ByDtGyE0ByByEtGzz0CtA0FtG0FzzyC0CtAyB0ByEtC0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtCyByEyE0C0CzytG0CtD0A0CtGyEtDzytAtGzy0DtDyDtG0DzyyByD0EyEzzyD0E0C0D0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDzzyB%26cr%3D609395369%26a%3Dwncy_bimmed_15_41_ssg01%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_41_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyDyDtDzztC0AyDtC0AyDyDtN0D0Tzu0StCtAyByCtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0DyBtByEtBzy0E0DtG0FtD0ByDtGyE0ByByEtGzz0CtA0FtG0FzzyC0CtAyB0ByEtC0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtCyByEyE0C0CzytG0CtD0A0CtGyEtDzytAtGzy0DtDyDtG0DzyyByD0EyEzzyD0E0C0D0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDzzyB%26cr%3D609395369%26a%3Dwncy_bimmed_15_41_ssg01%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm554^YYA^us&si=331&ptb=87D7BE1A-7F96-48AF-BDCD-1A4796F264C2&ind=2015010813&n=781a9ffd&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> {68DD5566-3B94-4A87-BC7B-97A82EDD7801} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> {AEDACB6A-7980-4A39-8BCF-0CDD73367206} URL = hxxp://isearch.shopathome.com?user_id={6b7f9c16-a4b5-4b8d-8091-7a6d1c6d44d2}&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2209216096-135292408-1765737723-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Home\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-02] (Citrix Online)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2015-02-10] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2015-07-26] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [339456 2013-11-13] (IDT, Inc.) [File not signed]
S2 wbsvc; C:\Program Files\WebBar\wbsvc.exe [37144 2015-09-28] (Web Bar Media)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-29] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 GENERICDRV; \??\c:\SWSetup\SP70148\samifldrv64.sys [X]
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-10 17:51 - 2015-10-10 17:51 - 00000000 ____D C:\FRST
2015-10-09 09:14 - 2015-10-09 09:14 - 00000045 _____ C:\Users\Home\AppData\Roaming\WB.CFG
2015-10-08 18:30 - 2015-10-08 18:30 - 00001132 _____ C:\Users\Home\Desktop\FSS.txt
2015-10-08 18:29 - 2015-10-08 18:29 - 02194944 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
2015-10-08 18:29 - 2015-10-08 18:29 - 00899072 _____ (Farbar) C:\Users\Home\Desktop\FSS.exe
2015-10-08 18:21 - 2015-10-08 18:21 - 00002006 _____ C:\Users\Home\Desktop\Chromium.lnk
2015-10-08 18:20 - 2015-10-08 18:21 - 00000000 ____D C:\Users\Home\AppData\Local\Chromium
2015-10-08 18:20 - 2015-10-08 18:20 - 00003474 _____ C:\windows\System32\Tasks\PROPCCleanerSoft_Popup
2015-10-08 18:20 - 2015-10-08 18:20 - 00003210 _____ C:\windows\System32\Tasks\PROPCCleanerSoft_Start
2015-10-08 18:20 - 2015-10-08 18:20 - 00000000 ____D C:\Users\Home\Documents\PROPCCleaner
2015-10-08 18:20 - 2015-10-08 18:20 - 00000000 ____D C:\Users\Home\AppData\Roaming\updates
2015-10-08 18:20 - 2015-10-08 18:20 - 00000000 ____D C:\Users\Home\AppData\Local\PRO_PC_Cleaner_Soft
2015-10-08 18:19 - 2015-10-10 17:38 - 00000266 _____ C:\windows\Tasks\UpdateTask.job
2015-10-08 18:19 - 2015-10-10 08:40 - 00000000 ____D C:\Users\Home\AppData\Local\{AE8198DD-8A29-F465-E7B1-D18DC3D92D15}
2015-10-08 18:19 - 2015-10-08 18:22 - 00000000 ____D C:\Users\Home\Documents\PROPCCleanerSoft
2015-10-08 18:19 - 2015-10-08 18:19 - 00003784 _____ C:\windows\System32\Tasks\WebBarUpdateTask
2015-10-08 18:19 - 2015-10-08 18:19 - 00003260 _____ C:\windows\System32\Tasks\WebBarLaunchTask
2015-10-08 18:19 - 2015-10-08 18:19 - 00003202 _____ C:\windows\System32\Tasks\UpdateTask
2015-10-08 18:19 - 2015-10-08 18:19 - 00001126 _____ C:\Users\Home\Desktop\PRO PC Cleaner Soft.lnk
2015-10-08 18:19 - 2015-10-08 18:19 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PRO PC Cleaner Soft
2015-10-08 18:19 - 2015-10-08 18:19 - 00000000 ____D C:\Users\Home\AppData\Local\WebBar
2015-10-08 18:19 - 2015-10-08 18:19 - 00000000 ____D C:\Program Files\WebBar
2015-10-08 18:19 - 2015-10-08 18:19 - 00000000 ____D C:\Program Files (x86)\PRO PC Cleaner Soft
2015-10-08 18:19 - 2015-10-08 18:18 - 01200163 _____ C:\Users\Home\Downloads\7zip.exe
2015-10-08 18:17 - 2015-10-08 18:17 - 00939752 _____ (Soft Installer ) C:\Users\Home\Downloads\zipinstall.exe
2015-10-08 18:17 - 2015-10-08 18:17 - 00939752 _____ (Soft Installer ) C:\Users\Home\Desktop\zipinstall.exe
2015-10-06 05:01 - 2015-10-06 05:01 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-10-06 05:01 - 2015-10-06 05:01 - 00001945 _____ C:\windows\epplauncher.mif
2015-10-06 05:01 - 2015-10-06 05:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-10-06 05:01 - 2015-10-06 05:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-10-06 05:00 - 2015-10-06 05:01 - 00000000 ____D C:\f760cb5b8642fc8c3089ab499b6a2c14
2015-10-04 18:24 - 2015-01-08 12:53 - 01037896 _____ (Mindspark) C:\Program Files (x86)\5zUninstall CouponXplorer.dll
2015-10-04 18:24 - 2015-01-08 12:53 - 00196488 _____ (Mindspark) C:\Program Files (x86)\5zres.dll
2015-10-02 17:56 - 2015-10-08 18:23 - 00023557 _____ C:\Users\Home\Desktop\dds.txt
2015-10-02 17:56 - 2015-10-08 18:23 - 00006397 _____ C:\Users\Home\Desktop\attach.txt
2015-10-02 17:53 - 2015-10-02 17:53 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.scr
2015-10-02 15:47 - 2015-10-02 17:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-10-02 15:46 - 2015-10-04 18:35 - 00000000 ____D C:\Users\Home\AppData\Local\Citrix
2015-09-20 10:57 - 2015-09-20 10:57 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-20 10:57 - 2015-09-20 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-20 10:57 - 2015-09-20 10:57 - 00000000 ____D C:\Program Files\iTunes
2015-09-20 10:57 - 2015-09-20 10:57 - 00000000 ____D C:\Program Files\iPod
2015-09-20 10:57 - 2015-09-20 10:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-20 10:55 - 2015-09-20 10:55 - 00000000 ____D C:\windows\System32\Tasks\Apple
2015-09-20 10:55 - 2015-09-20 10:55 - 00000000 ____D C:\Program Files\Bonjour
2015-09-20 10:55 - 2015-09-20 10:55 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-20 10:55 - 2015-09-20 10:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-20 10:52 - 2015-09-20 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-10 17:38 - 2014-05-02 12:40 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-10-10 10:55 - 2014-10-03 19:28 - 01705297 _____ C:\windows\WindowsUpdate.log
2015-10-10 10:00 - 2014-10-03 19:38 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{2ED6B3B7-4076-4C27-97B3-D8105E3A4C9D}
2015-10-10 08:40 - 2015-01-14 04:18 - 00000364 _____ C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Home).job
2015-10-07 03:02 - 2014-05-02 12:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-07 03:02 - 2014-05-02 12:41 - 00000000 ____D C:\ProgramData\Skype
2015-10-07 03:01 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-06 05:06 - 2009-07-13 22:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-06 05:06 - 2009-07-13 22:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-04 18:19 - 2014-11-17 06:51 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-10-04 18:19 - 2014-05-02 12:21 - 00000000 ____D C:\windows\Hewlett-Packard
2015-10-04 18:19 - 2014-02-18 16:43 - 00000000 ____D C:\SWSETUP
2015-10-02 17:46 - 2009-07-13 23:13 - 00781298 _____ C:\windows\system32\PerfStringBackup.INI
2015-10-02 17:12 - 2014-11-17 06:51 - 00000328 _____ C:\windows\Tasks\HPCeeScheduleForHome.job
2015-10-02 17:12 - 2010-11-20 21:47 - 00090044 _____ C:\windows\PFRO.log
2015-10-02 17:12 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-02 17:12 - 2009-07-13 22:51 - 00039618 _____ C:\windows\setupact.log
2015-09-25 11:00 - 2014-10-03 20:12 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-22 07:48 - 2014-11-17 06:51 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForHome
2015-09-22 07:12 - 2014-05-02 12:40 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 07:12 - 2014-05-02 12:40 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 07:12 - 2014-05-02 12:40 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-09-20 10:57 - 2014-10-08 18:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-20 10:55 - 2014-10-08 18:07 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-17 09:41 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2015-09-10 03:21 - 2009-07-13 22:45 - 00327160 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-10 03:20 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 03:20 - 2009-07-13 21:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-10 03:04 - 2014-10-06 15:31 - 00000000 ____D C:\windows\system32\MRT

==================== Files in the root of some directories =======

2015-10-04 18:24 - 2015-01-08 12:53 - 0196488 _____ (Mindspark) C:\Program Files (x86)\5zres.dll
2015-10-04 18:24 - 2015-01-08 12:53 - 1037896 _____ (Mindspark) C:\Program Files (x86)\5zUninstall CouponXplorer.dll
2015-10-09 09:14 - 2015-10-09 09:14 - 0000045 _____ () C:\Users\Home\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
C:\Users\Home\AppData\Local\Temp\Extract.exe
C:\Users\Home\AppData\Local\Temp\sp64126.exe
C:\Users\Home\AppData\Local\Temp\SP69313.exe
C:\Users\Home\AppData\Local\Temp\SP69840.exe
C:\Users\Home\AppData\Local\Temp\SP70148.exe
C:\Users\Home\AppData\Local\Temp\SP70273.exe
C:\Users\Home\AppData\Local\Temp\SP70869.exe
C:\Users\Home\AppData\Local\Temp\SP71057.exe
C:\Users\Home\AppData\Local\Temp\SP71319.exe
C:\Users\Home\AppData\Local\Temp\SP71522.exe
C:\Users\Home\AppData\Local\Temp\SP71862.exe
C:\Users\Home\AppData\Local\Temp\SP72230.exe
C:\Users\Home\AppData\Local\Temp\SP72853.exe
C:\Users\Home\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Home\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 20:07

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-10-2015
Ran by Home (2015-10-10 17:52:29)
Running from C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8X4P9HDN
Windows 7 Home Premium Service Pack 1 (X64) (2014-10-04 01:31:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2209216096-135292408-1765737723-500 - Administrator - Disabled)
Guest (S-1-5-21-2209216096-135292408-1765737723-501 - Limited - Disabled)
Home (S-1-5-21-2209216096-135292408-1765737723-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-2209216096-135292408-1765737723-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{B11132D3-0787-4AE1-A0BD-6DAB24AE0532}) (Version: 4.0.6541.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.6073.0 - Box Inc.) Hidden
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version: - )
Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version: - )
Chromium (HKU\S-1-5-21-2209216096-135292408-1765737723-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3606 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{C869E3D3-23D3-4102-A5C5-3D33448FC613}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2209216096-135292408-1765737723-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PRO PC Cleaner Soft (HKLM-x32\...\PRO PC Cleaner Soft) (Version: 3.0.4 - PRO PC Cleaner Soft) <==== ATTENTION
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30175 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6704 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Bar 2.0.5749.22382 (HKLM\...\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1) (Version: 2.0.5749.22382 - Web Bar Media) <==== ATTENTION
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2209216096-135292408-1765737723-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

15-09-2015 10:16:28 Windows Update
22-09-2015 07:22:47 Windows Update
25-09-2015 09:28:10 Windows Update
29-09-2015 08:25:29 Windows Update
02-10-2015 15:58:17 Windows Update
04-10-2015 18:16:57 HPSF Applying updates
04-10-2015 18:35:09 Removed Citrix Online Launcher
06-10-2015 05:03:43 Windows Update
07-10-2015 03:00:17 Windows Update
10-10-2015 10:54:25 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1834358D-BCB2-4796-806F-09B3109F1708} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {234329B4-60DB-448E-8AD3-7D3B7F65A1B0} - System32\Tasks\UpdateTask => C:\Users\Home\AppData\Local\{AE819~1\UNINST~1.EXE [2015-10-08] ()
Task: {29A380CB-D82C-4A13-806E-7ACEAEA22B1F} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {2A05E3F2-098C-496D-8836-C70418920E02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2ED83F64-10F6-4376-A5D6-D29C57135330} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {2FE4DFF1-9286-46B9-B9A1-34E0C7404B9A} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {4CA4836C-B41C-46EE-80CC-E20FF2AC81F7} - System32\Tasks\PROPCCleanerSoft_Start => C:\Program Files (x86)\PRO PC Cleaner Soft\PROPCCleanerSoft.exe [2015-10-06] (PRO PC Cleaner Soft) <==== ATTENTION
Task: {69E79A98-6E77-4A02-BA62-ED72F2357A13} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {6D4ECDE9-5F8B-4BB4-AA78-2877881F347D} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Home) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {6E39C52D-D83C-44BC-BCE4-1D099390DD77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {76096C5E-715D-4E68-98D3-C655F452088B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {9BF05FEC-B90C-4B37-8AEA-3F65D5D075ED} - System32\Tasks\HPCeeScheduleForHome => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {9E277AB8-1CA6-425A-9F03-6C3B27E085A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {A9E0C08F-84D4-47BE-9078-41BA27A705EC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {AA64CF8C-F8B0-486A-9F2E-DB17C0016515} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B8D3F993-99A0-4BF3-8387-3F3381557DFA} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe [2015-10-06] () <==== ATTENTION
Task: {BC53E1F4-D066-4E80-93EA-994881217F6A} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {FE4AEF13-CB78-44F1-9692-2E8FF0199C6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FED331BA-8C05-4759-9760-A211FD5E00DB} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2013-07-04] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleForHome.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Home).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\windows\Tasks\UpdateTask.job => C:\Users\Home\AppData\Local\{AE819~1\UNINST~1.EXE

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-21 21:19 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-15 10:16 - 2015-08-11 21:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-02 12:36 - 2009-07-02 15:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2015-10-08 18:19 - 2015-09-14 13:39 - 00253440 _____ () C:\Program Files\WebBar\2.0.5749.22382\isa_x64.dll
2014-05-02 12:41 - 2013-08-05 01:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2209216096-135292408-1765737723-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A5EAE034-3840-4877-9810-F2A18A97CBC4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{297871A3-534F-44A0-A0C8-9FF84D68B7D1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E2EB3EA-E193-44A7-9451-6D05066E1EE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56F57961-8788-43DF-AD58-79FE08AE467B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{24AA9CBA-2C1F-41D4-B466-6D273DE4B75F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F5C81B07-FEEB-4431-A117-448DAF9E1070}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B1CC522C-00A2-4996-B682-E17C3BC3D45C}] => (Allow) LPort=2869
FirewallRules: [{9D14FDC7-E8A3-42BF-8D2E-836D5A351D1A}] => (Allow) LPort=1900
FirewallRules: [{57730E60-56ED-4C17-A2DB-60B44B3321C5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5C17CC88-D737-4B78-BF5D-43ADF734938C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{95D09A94-3F41-48A0-A546-1A1C44E8EE19}] => (Allow) C:\Users\Home\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{1A693E9A-F698-4D74-A06E-B5B35F788BFC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{F0C36761-610F-4349-85D8-B6DAC51F9138}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B00FF38A-3EBA-47D8-B780-83E9D33A536E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D6F45472-0A98-4672-9D9E-EAAB32CFAE98}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1AE60898-F890-413A-B4B2-29414C2DC14C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCE046E9-B35B-4B32-B201-9CBFB1CF02C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E4B6CAF-9D0D-4294-BCAD-F29D35F19C21}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{460AF564-CBDE-4E9B-A0F6-D860CCCAC6DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6444A084-5D47-4ADD-9E68-FCD9DD580C12}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DE143F23-E77E-4302-9D6A-5D1F15D754CC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{56AA355E-843A-4DE7-A017-2F74C41E0816}] => (Allow) C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2015 05:16:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BoxSync.exe version 4.0.6541.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c20

Start Time: 01d0fd67dec7e20c

Termination Time: 16

Application Path: C:\Program Files\Box\Box Sync\BoxSync.exe

Report Id:

Error: (10/02/2015 03:40:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6271

Error: (10/02/2015 03:40:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6271

Error: (10/02/2015 03:40:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/02/2015 03:40:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5023

Error: (10/02/2015 03:40:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5023

Error: (10/02/2015 03:40:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/02/2015 03:40:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3775

Error: (10/02/2015 03:40:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3775

Error: (10/02/2015 03:40:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/09/2015 05:52:46 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/09/2015 05:52:46 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/09/2015 05:52:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/09/2015 05:52:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/09/2015 05:52:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/09/2015 05:52:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/09/2015 05:51:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/09/2015 05:51:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/08/2015 06:15:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/08/2015 06:15:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 8097.21 MB
Available physical RAM: 6190.41 MB
Total Virtual: 16192.63 MB
Available Virtual: 13292.36 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:915.94 GB) (Free:852.35 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:15.34 GB) (Free:1.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 797C5C7C)

Partition: GPT.

==================== End of Addition.txt ============================
verstellung77 is offline  
Old 10-10-2015, 04:58 PM   #10
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



I did not knowingly install PRO PC Cleaner Soft

Should I uninstall?
verstellung77 is offline  
Old 10-10-2015, 05:53 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, verstellung77. Yes, please uninstall PRO PC Cleaner Soft, and let me know if it uninstalled.

Sorry about those AdwCleaner instructions, and thanks for letting me know.

bleepingcomputer has changed their download page, so it is OK to click the green 'Download now @bleepingcomputer' button.

Please run AdwCleaner while I review your FRST logs.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-13-2015, 05:53 PM   #12
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



PRO PC Cleaner Uninstalled
...
...


# AdwCleaner v5.013 - Logfile created 13/10/2015 at 05:03:05
# Updated 09/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Home - HOME-HP
# Running from : C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HCB9LSOJ\AdwCleaner.exe
# Option : Scan
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\slimware utilities inc
Folder Found : C:\ProgramData\Avg_Update_1114tb
Folder Found : C:\Users\Home\AppData\Local\slimware utilities inc
Folder Found : C:\Users\Home\AppData\LocalLow\iac

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : updateTask

***** [ Registry ] *****

Key Found : HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CouponXplorer AppIntegrator 32-bit]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CouponXplorer AppIntegrator 64-bit]
Key Found : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Key Found : HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
Key Found : HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
Key Found : HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
Key Found : HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
Key Found : HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
Key Found : HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
Key Found : HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
Key Found : HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
Key Found : HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
Key Found : HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
Key Found : HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
Key Found : HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
Key Found : HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BB925FE4-7161-454F-88EE-7F58C40F549C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BB925FE4-7161-454F-88EE-7F58C40F549C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : [x64] HKCU\Software\AVG Security Toolbar
Key Found : [x64] HKCU\Software\Avg Secure Update
Key Found : [x64] HKCU\Software\PRODUCTSETUP
Key Found : [x64] HKLM\SOFTWARE\WebBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AEDACB6A-7980-4A39-8BCF-0CDD73367206}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AEDACB6A-7980-4A39-8BCF-0CDD73367206}
Key Found : HKU\S-1-5-21-2209216096-135292408-1765737723-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}
Key Found : HKU\S-1-5-21-2209216096-135292408-1765737723-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AEDACB6A-7980-4A39-8BCF-0CDD73367206}

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5161 bytes] ##########
verstellung77 is offline  
Old 10-13-2015, 07:15 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, verstellung77. Have you now installed AVG? We asked you not to make major changes to your machine during the cleansing process.

You had Security Essentials installed and running. Why did you change?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

You can also download recovery software if you don't have an installation DVD:

https://www.microsoft.com/en-us/software-recovery

------------------------------------------------------

Quote:
Running from C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8X4P9HDN
Quote:
# Running from : C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HCB9LSOJ\AdwCleaner.exe
Please do NOT click Run before downloading the tools to the desktop.

Please note that tools are best Run from the Desktop. Save to the Desktop and then Run from the Desktop.

Easier to find and perform specialized functions which may be required. Thanks.

In IE, go Tools > View Downloads > Options > Browse > highlight 'Desktop' > Select Folder > OK > Close.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Web Bar<<Please read this

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {234329B4-60DB-448E-8AD3-7D3B7F65A1B0} - System32\Tasks\UpdateTask => C:\Users\Home\AppData\Local\{AE819~1\UNINST~1.EXE [2015-10-08] ()
    Task: {29A380CB-D82C-4A13-806E-7ACEAEA22B1F} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
    Task: {4CA4836C-B41C-46EE-80CC-E20FF2AC81F7} - System32\Tasks\PROPCCleanerSoft_Start => C:\Program Files (x86)\PRO PC Cleaner Soft\PROPCCleanerSoft.exe [2015-10-06] (PRO PC Cleaner Soft) <==== ATTENTION
    Task: {6D4ECDE9-5F8B-4BB4-AA78-2877881F347D} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Home) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {B8D3F993-99A0-4BF3-8387-3F3381557DFA} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe [2015-10-06] () <==== ATTENTION
    Task: {BC53E1F4-D066-4E80-93EA-994881217F6A} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
    Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Home).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: C:\windows\Tasks\UpdateTask.job => C:\Users\Home\AppData\Local\{AE819~1\UNINST~1.EXE
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    FirewallRules: [{1A693E9A-F698-4D74-A06E-B5B35F788BFC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{F0C36761-610F-4349-85D8-B6DAC51F9138}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{B00FF38A-3EBA-47D8-B780-83E9D33A536E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{D6F45472-0A98-4672-9D9E-EAAB32CFAE98}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    (Web Bar Media) C:\Program Files\WebBar\2.0.5749.22382\wb.exe
    HKLM-x32\...\Run: [CouponXplorer AppIntegrator 32-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator.exe
    HKLM-x32\...\Run: [CouponXplorer AppIntegrator 64-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator64.exe
    HKLM-x32\...\RunOnce: [CouponXplorer_5zbar Uninstall] => rundll32 C:\PROGRA~2\5ZUNIN~1.DLL,O -3 uninstalltype=IE
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    SearchScopes: HKLM-x32 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm554^YYA^us&si=331&ptb=87D7BE1A-7F96-48AF-BDCD-1A4796F264C2&ind=2015010813&n=781a9ffd&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm554^YYA^us&si=331&ptb=87D7BE1A-7F96-48AF-BDCD-1A4796F264C2&ind=2015010813&n=781a9ffd&psa=&st=sb&searchfor={searchTerms}
    Toolbar: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    2015-10-04 18:24 - 2015-01-08 12:53 - 01037896 _____ (Mindspark) C:\Program Files (x86)\5zUninstall CouponXplorer.dll
    2015-10-04 18:24 - 2015-01-08 12:53 - 00196488 _____ (Mindspark) C:\Program Files (x86)\5zres.dll
    2015-10-02 15:47 - 2015-10-02 17:04 - 00000000 ____D C:\Program Files (x86)\Citrix
    2015-10-02 15:46 - 2015-10-04 18:35 - 00000000 ____D C:\Users\Home\AppData\Local\Citrix
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-14-2015, 04:54 PM   #14
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



I did not install AVG...
A bit puzzled how that and Pro PC Cleaner got installed.
verstellung77 is offline  
Old 10-14-2015, 05:53 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



It appears AdwCleaner just removed some remnants of AVG that were left over from a previous install. Not sure about PRO PC Cleaner though.

Go ahead with the rest of the instructions.
chemist is offline  
Old 10-15-2015, 05:36 PM   #16
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



start
createrestorepoint:
Task: {234329B4-60DB-448E-8AD3-7D3B7F65A1B0} - System32\Tasks\UpdateTask => C:\Users\Home\AppData\Local\{AE819~1\UNINST~1.EXE [2015-10-08] ()
Task: {29A380CB-D82C-4A13-806E-7ACEAEA22B1F} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {4CA4836C-B41C-46EE-80CC-E20FF2AC81F7} - System32\Tasks\PROPCCleanerSoft_Start => C:\Program Files (x86)\PRO PC Cleaner Soft\PROPCCleanerSoft.exe [2015-10-06] (PRO PC Cleaner Soft) <==== ATTENTION
Task: {6D4ECDE9-5F8B-4BB4-AA78-2877881F347D} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Home) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {B8D3F993-99A0-4BF3-8387-3F3381557DFA} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe [2015-10-06] () <==== ATTENTION
Task: {BC53E1F4-D066-4E80-93EA-994881217F6A} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Home).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\windows\Tasks\UpdateTask.job => C:\Users\Home\AppData\Local\{AE819~1\UNINST~1.EXE
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
FirewallRules: [{1A693E9A-F698-4D74-A06E-B5B35F788BFC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{F0C36761-610F-4349-85D8-B6DAC51F9138}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B00FF38A-3EBA-47D8-B780-83E9D33A536E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D6F45472-0A98-4672-9D9E-EAAB32CFAE98}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Web Bar Media) C:\Program Files\WebBar\2.0.5749.22382\wb.exe
HKLM-x32\...\Run: [CouponXplorer AppIntegrator 32-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [CouponXplorer AppIntegrator 64-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\RunOnce: [CouponXplorer_5zbar Uninstall] => rundll32 C:\PROGRA~2\5ZUNIN~1.DLL,O -3 uninstalltype=IE
Winlogon\Notify\igfxcui: igfxdev.dll [X]
SearchScopes: HKLM-x32 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm554^YYA^us&si=331&ptb=87D7BE1A-7F96-48AF-BDCD-1A4796F264C2&ind=2015010813&n=781a9ffd&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm554^YYA^us&si=331&ptb=87D7BE1A-7F96-48AF-BDCD-1A4796F264C2&ind=2015010813&n=781a9ffd&psa=&st=sb&searchfor={searchTerms}
Toolbar: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2015-10-04 18:24 - 2015-01-08 12:53 - 01037896 _____ (Mindspark) C:\Program Files (x86)\5zUninstall CouponXplorer.dll
2015-10-04 18:24 - 2015-01-08 12:53 - 00196488 _____ (Mindspark) C:\Program Files (x86)\5zres.dll
2015-10-02 15:47 - 2015-10-02 17:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-10-02 15:46 - 2015-10-04 18:35 - 00000000 ____D C:\Users\Home\AppData\Local\Citrix
EmptyTemp:
end



start
createrestorepoint:
Task: {234329B4-60DB-448E-8AD3-7D3B7F65A1B0} - System32\Tasks\UpdateTask => C:\Users\Home\AppData\Local\{AE819~1\UNINST~1.EXE [2015-10-08] ()
Task: {29A380CB-D82C-4A13-806E-7ACEAEA22B1F} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {4CA4836C-B41C-46EE-80CC-E20FF2AC81F7} - System32\Tasks\PROPCCleanerSoft_Start => C:\Program Files (x86)\PRO PC Cleaner Soft\PROPCCleanerSoft.exe [2015-10-06] (PRO PC Cleaner Soft) <==== ATTENTION
Task: {6D4ECDE9-5F8B-4BB4-AA78-2877881F347D} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Home) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {B8D3F993-99A0-4BF3-8387-3F3381557DFA} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe [2015-10-06] () <==== ATTENTION
Task: {BC53E1F4-D066-4E80-93EA-994881217F6A} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Home).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\windows\Tasks\UpdateTask.job => C:\Users\Home\AppData\Local\{AE819~1\UNINST~1.EXE
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
FirewallRules: [{1A693E9A-F698-4D74-A06E-B5B35F788BFC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{F0C36761-610F-4349-85D8-B6DAC51F9138}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B00FF38A-3EBA-47D8-B780-83E9D33A536E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D6F45472-0A98-4672-9D9E-EAAB32CFAE98}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Web Bar Media) C:\Program Files\WebBar\2.0.5749.22382\wb.exe
HKLM-x32\...\Run: [CouponXplorer AppIntegrator 32-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [CouponXplorer AppIntegrator 64-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\RunOnce: [CouponXplorer_5zbar Uninstall] => rundll32 C:\PROGRA~2\5ZUNIN~1.DLL,O -3 uninstalltype=IE
Winlogon\Notify\igfxcui: igfxdev.dll [X]
SearchScopes: HKLM-x32 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm554^YYA^us&si=331&ptb=87D7BE1A-7F96-48AF-BDCD-1A4796F264C2&ind=2015010813&n=781a9ffd&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm554^YYA^us&si=331&ptb=87D7BE1A-7F96-48AF-BDCD-1A4796F264C2&ind=2015010813&n=781a9ffd&psa=&st=sb&searchfor={searchTerms}
Toolbar: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2015-10-04 18:24 - 2015-01-08 12:53 - 01037896 _____ (Mindspark) C:\Program Files (x86)\5zUninstall CouponXplorer.dll
2015-10-04 18:24 - 2015-01-08 12:53 - 00196488 _____ (Mindspark) C:\Program Files (x86)\5zres.dll
2015-10-02 15:47 - 2015-10-02 17:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-10-02 15:46 - 2015-10-04 18:35 - 00000000 ____D C:\Users\Home\AppData\Local\Citrix
EmptyTemp:
end
verstellung77 is offline  
Old 10-15-2015, 05:38 PM   #17
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



I appreciate your help and patience
verstellung77 is offline  
Old 10-15-2015, 06:35 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, verstellung77. You're very welcome. Are you sure you followed the directions to the letter?

The log you posted is just 2 copies of the fixlist.txt you created for the fix.

Did you run FRST then click 'Fix'? Did you save fixlist.txt to the same folder as FRST?

Did you save FRST to your desktop, or other folder, or are you still running it from the browser?

Start all over, download FRST64.exe and save it to your desktop. Create fixlist.txt and save it to your desktop.

Start FRST64 and click 'Fix'. Let me know.

------------------------------------------------------
chemist is offline  
Old 10-16-2015, 04:29 AM   #19
Registered Member
 
Join Date: Nov 2005
Posts: 93
OS: Windows 7 Service Pack 1



Fix result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
Ran by Home (2015-10-16 05:25:21) Run:2
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {234329B4-60DB-448E-8AD3-7D3B7F65A1B0} - System32\Tasks\UpdateTask => C:\Users\Home\AppData\Local\{AE819~1\UNINST~1.EXE [2015-10-08] ()
Task: {29A380CB-D82C-4A13-806E-7ACEAEA22B1F} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {4CA4836C-B41C-46EE-80CC-E20FF2AC81F7} - System32\Tasks\PROPCCleanerSoft_Start => C:\Program Files (x86)\PRO PC Cleaner Soft\PROPCCleanerSoft.exe [2015-10-06] (PRO PC Cleaner Soft) <==== ATTENTION
Task: {6D4ECDE9-5F8B-4BB4-AA78-2877881F347D} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Home) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {B8D3F993-99A0-4BF3-8387-3F3381557DFA} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe [2015-10-06] () <==== ATTENTION
Task: {BC53E1F4-D066-4E80-93EA-994881217F6A} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Home).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\windows\Tasks\UpdateTask.job => C:\Users\Home\AppData\Local\{AE819~1\UNINST~1.EXE
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
FirewallRules: [{1A693E9A-F698-4D74-A06E-B5B35F788BFC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{F0C36761-610F-4349-85D8-B6DAC51F9138}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B00FF38A-3EBA-47D8-B780-83E9D33A536E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D6F45472-0A98-4672-9D9E-EAAB32CFAE98}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Web Bar Media) C:\Program Files\WebBar\2.0.5749.22382\wb.exe
HKLM-x32\...\Run: [CouponXplorer AppIntegrator 32-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [CouponXplorer AppIntegrator 64-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\RunOnce: [CouponXplorer_5zbar Uninstall] => rundll32 C:\PROGRA~2\5ZUNIN~1.DLL,O -3 uninstalltype=IE
Winlogon\Notify\igfxcui: igfxdev.dll [X]
SearchScopes: HKLM-x32 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm554^YYA^us&si=331&ptb=87D7BE1A-7F96-48AF-BDCD-1A4796F264C2&ind=2015010813&n=781a9ffd&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm554^YYA^us&si=331&ptb=87D7BE1A-7F96-48AF-BDCD-1A4796F264C2&ind=2015010813&n=781a9ffd&psa=&st=sb&searchfor={searchTerms}
Toolbar: HKU\S-1-5-21-2209216096-135292408-1765737723-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2015-10-04 18:24 - 2015-01-08 12:53 - 01037896 _____ (Mindspark) C:\Program Files (x86)\5zUninstall CouponXplorer.dll
2015-10-04 18:24 - 2015-01-08 12:53 - 00196488 _____ (Mindspark) C:\Program Files (x86)\5zres.dll
2015-10-02 15:47 - 2015-10-02 17:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-10-02 15:46 - 2015-10-04 18:35 - 00000000 ____D C:\Users\Home\AppData\Local\Citrix
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{234329B4-60DB-448E-8AD3-7D3B7F65A1B0} => key not found.
C:\windows\System32\Tasks\UpdateTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateTask => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29A380CB-D82C-4A13-806E-7ACEAEA22B1F} => key not found.
C:\windows\System32\Tasks\WebBarLaunchTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebBarLaunchTask => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CA4836C-B41C-46EE-80CC-E20FF2AC81F7} => key not found.
C:\windows\System32\Tasks\PROPCCleanerSoft_Start => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PROPCCleanerSoft_Start => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D4ECDE9-5F8B-4BB4-AA78-2877881F347D} => key not found.
C:\windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Home) => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - Home) => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8D3F993-99A0-4BF3-8387-3F3381557DFA} => key not found.
C:\windows\System32\Tasks\PROPCCleanerSoft_Popup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PROPCCleanerSoft_Popup => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC53E1F4-D066-4E80-93EA-994881217F6A} => key not found.
C:\windows\System32\Tasks\WebBarUpdateTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebBarUpdateTask => key not found.
C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Home).job => not found.
C:\windows\Tasks\UpdateTask.job => not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A693E9A-F698-4D74-A06E-B5B35F788BFC} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0C36761-610F-4349-85D8-B6DAC51F9138} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B00FF38A-3EBA-47D8-B780-83E9D33A536E} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6F45472-0A98-4672-9D9E-EAAB32CFAE98} => value not found.
C:\Program Files\WebBar\2.0.5749.22382\wb.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CouponXplorer AppIntegrator 32-bit => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CouponXplorer AppIntegrator 64-bit => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\CouponXplorer_5zbar Uninstall => value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a} => key not found.
HKCR\Wow6432Node\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a} => key not found.
HKU\S-1-5-21-2209216096-135292408-1765737723-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a} => key not found.
HKCR\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a} => key not found.
HKU\S-1-5-21-2209216096-135292408-1765737723-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.
"C:\Program Files (x86)\5zUninstall CouponXplorer.dll" => File/Folder not found.
"C:\Program Files (x86)\5zres.dll" => File/Folder not found.
"C:\Program Files (x86)\Citrix" => File/Folder not found.
"C:\Users\Home\AppData\Local\Citrix" => File/Folder not found.
EmptyTemp: => 30.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 05:25:31 ====
verstellung77 is offline  
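A Fixlog like the one in post #19 can be triaged mechanically before reading it line by line. The following is an added example, not part of the thread and not FRST's own code: a Python sketch that skips the echoed fixlist, tallies result lines using only the outcome strings visible in that log, and reports anything else as "other" for manual review. The function names and result keys are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the Fixlog in post #19 (abridged; the echoed fixlist is shortened).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
Ran by Home (2015-10-16 05:25:21) Run:2
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: C:\windows\Tasks\UpdateTask.job => C:\Users\Home\AppData\Local\{AE819~1\UNINST~1.EXE
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\windows\System32\Tasks\WebBarLaunchTask => not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CouponXplorer AppIntegrator 32-bit => value not found.
C:\Program Files\WebBar\2.0.5749.22382\wb.exe => No running process found
"C:\Program Files (x86)\Citrix" => File/Folder not found.
EmptyTemp: => 30.4 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 05:25:31 ====
"""


def classify(outcome):
    """Map an outcome string to 'absent' or 'other'.

    Only the outcome wordings that appear in this thread's Fixlog are recognised;
    everything else is left for a human to read.
    """
    text = outcome.strip().rstrip(".").lower()
    if text.endswith("not found") or text == "no running process found":
        return "absent"
    return "other"


def summarize_fixlog(log_text):
    """Return the run number and a tally of result lines for one Fixlog."""
    run = None
    in_echo = False  # True while inside the '*****' delimited copy of fixlist.txt
    counts = Counter()
    other = []
    for line in log_text.splitlines():
        m = re.search(r"\bRun:(\d+)\s*$", line)
        if m and run is None:
            run = int(m.group(1))
            continue
        if re.fullmatch(r"\*{5,}", line.strip()):
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue  # echoed script lines and status sentences are not results
        target, outcome = line.rsplit(" => ", 1)
        if target.strip() == "EmptyTemp:":
            counts["temp_cleanup"] += 1
            continue
        kind = classify(outcome)
        counts[kind] += 1
        if kind == "other":
            other.append(line)
    targets = counts["absent"] + counts["other"]
    return {
        "run": run,
        "absent": counts["absent"],
        "temp_cleanup": counts["temp_cleanup"],
        "other": other,
        # Every listed target was already absent: this run changed nothing
        # beyond the temp cleanup.
        "nothing_acted_on": targets > 0 and counts["absent"] == targets,
    }


if __name__ == "__main__":
    print(summarize_fixlog(SAMPLE_FIXLOG))
```

A summary with `nothing_acted_on` set and a `run` greater than 1 tells the reviewer that this pass found none of its targets, so the earlier run's log is the one to check for what was actually removed.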
Old 10-16-2015, 08:08 AM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, verstellung77. How is the machine behaving? Any improvement?

------------------------------------------------------

It appears you didn't run ComboFix after running FRST. Here are the instructions again:

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
chemist is offline  