XP3 Pro - AdPunisher and script load errors, hard to use computer due to infecti



#1 MrMark52


Posted 02 July 2015 - 10:51 AM

Don't know how I got what I got (probably a supposed YouTube video click), but I get an array of popup windows and a never-ending loading icon on the Firefox tab (it's taken me 5 minutes just to write this statement). I also continuously get a flag to continue, debug, or cancel a script in Firefox.

 

HijackThis log below -

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:30:14 AM, on 7/2/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 38.0.5 (x86 en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Markie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = duckduckgo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Markie\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Download Master] C:\Program Files\ASUS\Download Master Utility\DM2.exe /hide
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.dell.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353069653843
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14588 bytes
 

 
 
 
 



#2 nasdaq


Posted 04 July 2015 - 09:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

#3 MrMark52


Posted 06 July 2015 - 10:22 AM

Thanks nasdaq! Sorry for the delay, long 4th of July weekend!

 

In the few minutes I've had Firefox open since my AdwCleaner scan, initially no indication of AdPunisher or script load errors. AdPunisher seemed to always load in a delayed manner, either when I opened or shortly after I opened a new window.

 

# AdwCleaner v4.207 - Logfile created 06/07/2015 at 09:12:32
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Markie - MARKDELL
# Running from : C:\Documents and Settings\Markie\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : 87f4ea86

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\2949267695046574819
Folder Deleted : C:\Documents and Settings\All Users\Application Data\{26f09bfe-7e4c-14c0-26f0-09bfe7e46ff9}
Folder Deleted : C:\Documents and Settings\Markie\Application Data\1H1Q
Folder Deleted : C:\Documents and Settings\Markie\Application Data\ARecEngine
File Deleted : C:\Program Files\mozilla firefox\dbghelp.dll
File Deleted : C:\Program Files\prefs.js
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\d8391459-152b-a5e3-cb02-6265a71f441b
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{87f4ea86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5DEBC66A-136E-4F2C-84CC-8A984EBA1195}
Key Deleted : HKCU\Software\CoinisRS
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A2C98B47-B5F4-94AA-281D-4135416774CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:3265;hxxps=127.0.0.1:3265;
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v39.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [7080 bytes] - [16/10/2013 13:04:50]
AdwCleaner[R10].txt - [295 bytes] - [02/07/2015 10:22:17]
AdwCleaner[R11].txt - [4191 bytes] - [06/07/2015 09:00:56]
AdwCleaner[R1].txt - [5698 bytes] - [16/10/2013 13:12:51]
AdwCleaner[R2].txt - [5758 bytes] - [16/10/2013 13:14:55]
AdwCleaner[R3].txt - [5818 bytes] - [16/10/2013 13:20:09]
AdwCleaner[R4].txt - [5792 bytes] - [29/05/2014 13:25:28]
AdwCleaner[R5].txt - [1173 bytes] - [29/05/2014 13:38:56]
AdwCleaner[R6].txt - [1404 bytes] - [09/06/2014 16:28:11]
AdwCleaner[R7].txt - [3543 bytes] - [08/07/2014 10:43:36]
AdwCleaner[R8].txt - [1488 bytes] - [08/07/2014 13:40:31]
AdwCleaner[R9].txt - [6275 bytes] - [20/08/2014 16:43:11]
AdwCleaner[S0].txt - [5910 bytes] - [29/05/2014 13:26:31]
AdwCleaner[S1].txt - [1469 bytes] - [09/06/2014 16:36:36]
AdwCleaner[S2].txt - [3668 bytes] - [08/07/2014 10:44:54]
AdwCleaner[S3].txt - [1549 bytes] - [08/07/2014 13:46:49]
AdwCleaner[S4].txt - [6450 bytes] - [20/08/2014 16:59:10]
AdwCleaner[S5].txt - [3945 bytes] - [06/07/2015 09:12:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [4004  bytes] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by Markie (administrator) on MARKDELL on 06-07-2015 09:44:29
Running from C:\Documents and Settings\Markie\Desktop
Loaded Profiles: Markie (Available Profiles: Markie & ASPNET & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(CrypKey (Canada) Ltd.) C:\WINDOWS\system32\Crypserv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Trend Micro Inc.) C:\Program Files\trend micro\RUBotted\RUBotSrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Trend Micro Inc.) C:\Program Files\trend micro\RUBotted\RUBottedGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Akamai Technologies, Inc.) C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai\netsession_win.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2498560 2010-10-29] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [APSDaemon] => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\...\Run: [OSSelectorReinstall] => C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407248 2011-12-23] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2011-12-23] (Intel® Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [cdloader] => C:\Documents and Settings\Markie\Application Data\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-23] (BillP Studios)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [Download Master] => C:\Program Files\ASUS\Download Master Utility\DM2.exe /hide
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2014-09-05] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-04-01]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = duckduckgo.com
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> {4A2CC286-3F90-49AD-AA0F-AD6EDC923BAC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> {5E9DB3E5-68B8-4983-BBA3-BE258EB9FF32} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30] (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} http://www.sayatv.com/download/SayaTV.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL No File
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.100
Tcpip\..\Interfaces\{189AACEE-B5D5-4B50-B406-771EE865D9C1}: [DhcpNameServer] 192.168.200.100
Tcpip\..\Interfaces\{39C29138-E35B-4581-B377-8DD2AFA3474F}: [DhcpNameServer] 192.168.200.100
Tcpip\..\Interfaces\{4E96252E-6B4E-4E3F-83EB-3DF92056D5CE}: [DhcpNameServer] 192.168.200.100

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\45o9pv9a.default-1435355163140
FF DefaultSearchEngine.US: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @FOSCAM Web Components -> C:\Program Files\Foscam Web Components\npIPcamCloud.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll No File
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin HKU\S-1-5-21-1220945662-1532298954-1417001333-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Markie\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2013-10-29] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32asw.dll [2004-07-02] (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-08-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-10] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-10] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-10] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-10] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-10] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Markie\Application Data\mozilla\plugins\ieatgpc.dll [2012-11-30] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Markie\Application Data\mozilla\plugins\npatgpc.dll [2012-11-30] (Cisco WebEx LLC)
FF Extension: AdPunisher - C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\45o9pv9a.default-1435355163140\Extensions\jsgbgnnnzbtstia@yvvqdoekokrdj.org [2015-07-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-03]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-01-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [61440 2005-10-18] (Broadcom Corporation) [File not signed]
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-07-02] (Macrovision Europe Ltd.) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-07-20] (Dell Inc.) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [882960 2011-12-23] (Intel® Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe [68760 2008-11-04] (SiSoftware) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2009-06-26] (WDC) [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.) [File not signed]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [X]
S2 MBAMService; "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [12656 2013-12-18] ()
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2010-10-29] (Broadcom Corporation)
R1 BUFADPT; C:\WINDOWS\system32\BUFADPT.SYS [10880 2007-11-25] (BUFFALO INC.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbcxp.sys [31744 2007-01-16] (CSR, plc) [File not signed]
R1 Ext2Fsd; C:\WINDOWS\system32\Drivers\Ext2Fsd.sys [686360 2011-07-09] (www.ext2fsd.com)
R1 fanio; C:\WINDOWS\system32\drivers\fanio.sys [14464 2007-02-16] (Christian Diefer) [File not signed]
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2010-02-04] () [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.) [File not signed]
S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
R0 imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [11304 2007-07-03] (Ahead Software AG)
R0 imagesrv; C:\WINDOWS\System32\DRIVERS\imagesrv.sys [132904 2007-07-03] (Ahead Software AG)
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [120024 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [31048 2014-01-10] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [7477120 2011-12-12] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 oneuport; C:\WINDOWS\System32\DRIVERS\oneuport.sys [851840 2005-02-11] ()
S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [13528 2014-07-21] ()
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
S3 RT-USB; C:\WINDOWS\System32\drivers\RT-USB.SYS [59464 2010-06-16] (Ross-Tech LLC)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Ser2pl; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [119424 2005-06-16] (Prolific Technology Inc.) [File not signed]
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2009-07-22] () [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2014-06-30] (The OpenVPN Project) [File not signed]
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [26784 2007-12-11] (RapidSolution Software AG)
R1 vcdrom; C:\Downloads\Microsoft\Virtual CD\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
S2 BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 09:44 - 2015-07-06 09:46 - 00026751 _____ C:\Documents and Settings\Markie\Desktop\FRST.txt
2015-07-06 09:41 - 2015-07-06 09:41 - 00000000 ____D C:\Documents and Settings\Markie\Desktop\FRST-OlderVersion
2015-07-06 09:38 - 2015-07-06 09:38 - 01636352 _____ (Farbar) C:\Documents and Settings\Markie\FRST.exe
2015-07-06 08:55 - 2015-07-06 08:56 - 02244096 _____ C:\Documents and Settings\Markie\Desktop\adwcleaner_4.207.exe
2015-07-03 22:04 - 2015-07-06 09:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-02 10:30 - 2015-07-02 10:30 - 00014590 _____ C:\Documents and Settings\Markie\Desktop\hijackthis.log
2015-07-02 08:36 - 2015-07-02 08:36 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2015-07-01 20:59 - 2015-02-02 11:06 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20150701-205945.backup
2015-07-01 11:15 - 2015-07-06 09:28 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-01 11:15 - 2015-07-01 11:15 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-01 11:15 - 2015-07-01 11:15 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-07-01 11:14 - 2015-07-01 11:40 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-07-01 11:13 - 2015-07-01 11:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-01 11:13 - 2015-07-01 11:13 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-01 11:13 - 2015-07-01 11:13 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-07-01 11:12 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-07-01 11:11 - 2015-07-01 11:26 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-07-01 10:23 - 2015-07-01 10:23 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-07-01 10:21 - 2015-07-01 10:21 - 00000000 ____D C:\Program Files\Common Files\ODBC
2015-06-30 15:38 - 2015-06-30 15:38 - 00000000 ____D C:\Documents and Settings\Markie\Application Data\Intel
2015-06-30 15:36 - 2011-12-12 08:05 - 07477120 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\NETwNx32.sys
2015-06-30 15:36 - 2010-05-18 21:31 - 02760704 _____ (Intel Corporation) C:\WINDOWS\system32\NETwNr32.dll
2015-06-30 15:36 - 2010-05-18 21:29 - 00684032 _____ (Intel Corporation) C:\WINDOWS\system32\NETwNc32.dll
2015-06-30 15:35 - 2015-06-30 15:37 - 00010748 _____ C:\WINDOWS\DPINST.LOG
2015-06-30 15:35 - 2015-06-30 15:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
2015-06-30 15:34 - 2015-06-30 15:34 - 00000000 ____D C:\Program Files\Common Files\Intel
2015-06-30 15:34 - 2015-06-30 15:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Intel
2015-06-24 15:38 - 2015-06-24 15:38 - 00000000 ____D C:\Program Files\TerminusSubs
2015-06-24 15:27 - 2015-06-24 15:27 - 00001998 _____ C:\Documents and Settings\Markie\Desktop\ENGINE PARTS - MODEL 725r 2-CYCLE GAS TRIMMER.lnk
2015-06-23 09:40 - 2015-07-06 09:09 - 00000516 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1220945662-1532298954-1417001333-1003.job
2015-06-23 09:40 - 2015-07-06 08:17 - 00000612 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1220945662-1532298954-1417001333-1003.job
2015-06-22 11:30 - 2015-06-22 11:30 - 00000000 ____D C:\Program Files\pstoedit
2015-06-22 11:07 - 2015-06-22 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VectPDF
2015-06-22 11:06 - 2015-06-22 11:07 - 00000000 ____D C:\Program Files\VectPDF
2015-06-22 10:20 - 2015-07-06 09:33 - 00000430 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2015-06-22 10:20 - 2015-07-05 10:35 - 00000430 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest_once.job
2015-06-22 10:20 - 2015-06-25 14:15 - 00000660 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2015-06-18 13:24 - 2015-06-18 13:24 - 00000000 ____D C:\SUPERDelete
2015-06-18 08:54 - 2015-06-18 08:54 - 00001876 _____ C:\Documents and Settings\All Users\Desktop\AutoCAD LT 2014 - English.lnk
2015-06-18 08:11 - 2015-06-23 17:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
2015-06-17 11:19 - 2015-07-06 09:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-17 11:19 - 2015-06-23 12:20 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-17 11:19 - 2015-06-23 12:20 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-16 10:43 - 2015-06-19 09:37 - 00000000 ____D C:\Documents and Settings\Markie\Local Settings\Application Data\Autodesk, Inc
2015-06-15 17:37 - 2015-06-22 11:38 - 00000000 ____D C:\Documents and Settings\Markie\Local Settings\Application Data\cache
2015-06-15 16:51 - 2015-06-15 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FARO
2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 ____D C:\Documents and Settings\Markie\My Documents\Inventor Server SDK ACAD 2014
2015-06-15 16:44 - 2015-06-15 16:44 - 00000147 _____ C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2015-06-15 16:28 - 2015-07-01 09:27 - 00000000 ____D C:\Program Files\Autodesk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 09:51 - 2015-02-02 11:22 - 00000000 ____D C:\Documents and Settings\Markie\Local Settings\temp
2015-07-06 09:44 - 2014-07-08 10:54 - 00000000 ____D C:\FRST
2015-07-06 09:41 - 2015-02-11 10:01 - 01636352 _____ (Farbar) C:\Documents and Settings\Markie\Desktop\FRST.exe
2015-07-06 09:40 - 2009-03-13 15:26 - 00000000 ____D C:\Documents and Settings\Markie
2015-07-06 09:33 - 2009-03-13 09:09 - 00755114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-06 09:32 - 2009-03-13 15:19 - 01256885 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-06 09:31 - 2009-03-13 08:59 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-07-06 09:28 - 2009-03-13 09:11 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-06 09:28 - 2009-03-13 09:11 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-07-06 09:27 - 2015-04-23 09:06 - 00003720 _____ C:\WINDOWS\error.log
2015-07-06 09:27 - 2009-03-13 15:24 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-07-06 09:27 - 2008-04-14 07:00 - 00012022 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-06 09:26 - 2015-02-10 14:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-06 09:26 - 2013-10-02 09:41 - 00000316 _____ C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2015-07-06 09:26 - 2009-03-13 15:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-06 09:26 - 2009-03-13 09:08 - 00578240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-06 09:25 - 2009-07-29 09:17 - 00000012 _____ C:\WINDOWS\bthservsdp.dat
2015-07-06 09:25 - 2009-03-13 15:26 - 00000178 ___SH C:\Documents and Settings\Markie\ntuser.ini
2015-07-06 09:25 - 2009-03-13 15:25 - 00032450 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-06 09:12 - 2013-10-16 13:04 - 00000000 ____D C:\AdwCleaner
2015-07-04 12:00 - 2013-10-02 09:42 - 00000310 _____ C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2015-07-02 10:19 - 2015-01-23 12:50 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Markie\Desktop\HijackThis.exe
2015-07-02 09:27 - 2015-03-04 18:34 - 00000000 ____D C:\Town of Sunnyvale
2015-07-02 08:41 - 2009-03-14 08:40 - 00183936 _____ C:\Documents and Settings\Markie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-07-02 08:36 - 2009-06-23 13:54 - 00002371 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 8.lnk
2015-07-02 08:36 - 2009-06-23 13:54 - 00002359 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
2015-07-02 08:36 - 2009-06-23 13:54 - 00001880 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
2015-07-02 08:36 - 2009-06-23 13:54 - 00001736 _____ C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
2015-07-02 08:36 - 2009-03-23 21:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-01 18:24 - 2009-09-12 08:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-07-01 11:24 - 2009-03-13 15:25 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-07-01 10:24 - 2009-07-02 09:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-07-01 10:23 - 2009-03-13 09:09 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-01 10:06 - 2015-04-23 15:29 - 00156355 _____ C:\WINDOWS\setupapi.log
2015-07-01 10:00 - 2009-11-01 10:50 - 00002359 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
2015-07-01 09:52 - 2010-08-15 09:28 - 00000000 ____D C:\Program Files\Microchip
2015-07-01 09:52 - 2010-06-23 08:36 - 00000000 ____D C:\Program Files\Logitech
2015-07-01 09:52 - 2009-03-13 15:17 - 00000000 ____D C:\Program Files\Messenger
2015-07-01 09:51 - 2010-06-20 17:17 - 00000000 ____D C:\Program Files\iTunes
2015-07-01 09:50 - 2015-04-16 09:04 - 00000000 ____D C:\Program Files\iPod
2015-07-01 09:50 - 2009-03-23 16:38 - 00000000 ____D C:\Program Files\Intel
2015-07-01 09:47 - 2009-05-05 21:20 - 00000000 ____D C:\Program Files\Electronics Workbench
2015-07-01 09:40 - 2009-03-13 17:30 - 00000000 ____D C:\Program Files\Dell
2015-07-01 09:39 - 2009-03-13 15:18 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-01 09:38 - 2010-06-23 08:32 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-07-01 09:38 - 2010-05-12 11:22 - 00000000 ____D C:\Program Files\Common Files\ScanSoft Shared
2015-07-01 09:36 - 2009-10-09 09:42 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2015-07-01 09:35 - 2009-09-09 14:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-01 09:34 - 2009-10-27 11:20 - 00000000 ____D C:\Program Files\Common Files\Ahead
2015-07-01 09:32 - 2012-03-16 11:50 - 00000000 ____D C:\Program Files\CCleaner
2015-07-01 09:31 - 2010-02-17 17:04 - 00000000 ____D C:\Program Files\Canon
2015-07-01 09:31 - 2009-03-23 17:14 - 00000000 ____D C:\Program Files\Brother
2015-07-01 09:30 - 2011-10-11 12:36 - 00000000 ____D C:\Program Files\Bonjour
2015-07-01 09:30 - 2009-03-13 17:30 - 00000000 ____D C:\Program Files\Broadcom
2015-07-01 09:25 - 2009-03-14 08:28 - 00000000 ____D C:\Program Files\Apoint
2015-07-01 09:24 - 2009-03-23 21:08 - 00000000 ____D C:\Program Files\Adobe
2015-07-01 09:22 - 2015-02-02 11:22 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-06-30 15:14 - 2014-07-17 19:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-06-30 15:07 - 2009-07-08 06:29 - 00000000 ____D C:\Documents and Settings\Markie\Local Settings\Application Data\Deployment
2015-06-30 14:37 - 2013-12-17 09:11 - 04986400 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1532298954-1417001333-1003-0.dat
2015-06-30 14:37 - 2013-08-13 21:21 - 00512726 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-06-30 13:36 - 2012-05-24 13:04 - 00000000 ____D C:\Documents and Settings\Markie\Application Data\PCDr
2015-06-26 16:46 - 2015-01-13 07:16 - 00000000 ____D C:\Documents and Settings\Markie\Desktop\Old Firefox Data
2015-06-26 12:48 - 2009-06-08 00:13 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-06-23 18:03 - 2012-05-24 13:02 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2015-06-23 17:28 - 2009-10-09 09:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Autodesk
2015-06-23 14:39 - 2009-07-02 09:23 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-06-23 12:20 - 2014-08-14 08:24 - 00000000 ____D C:\Documents and Settings\Markie\Local Settings\Application Data\Adobe
2015-06-22 11:05 - 2011-03-25 11:08 - 00000000 ____D C:\Autodesk
2015-06-22 10:20 - 2014-06-12 12:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2015-06-22 10:18 - 2012-05-24 13:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCDr
2015-06-19 12:07 - 2010-05-12 10:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-06-19 09:36 - 2009-10-09 09:42 - 00000000 ____D C:\Documents and Settings\Markie\Application Data\Autodesk
2015-06-18 13:43 - 2014-07-11 13:07 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 13:32 - 2015-04-15 03:15 - 00262144 _____ C:\WINDOWS\system32\default_user_class.dat
2015-06-18 13:32 - 2015-04-15 03:15 - 00001024 ____H C:\WINDOWS\system32\default_user_class.dat.LOG
2015-06-18 12:19 - 2013-03-05 18:14 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-18 10:28 - 2013-03-05 18:14 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2015-06-18 09:10 - 2009-03-14 08:30 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-06-18 08:54 - 2009-10-09 09:43 - 00000000 ____D C:\Documents and Settings\Markie\Local Settings\Application Data\Autodesk
2015-06-18 08:05 - 2009-03-13 15:19 - 00000000 ____D C:\WINDOWS\system32\DirectX
2015-06-17 22:50 - 2014-01-31 18:10 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-06-17 14:20 - 2015-06-02 12:38 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.0
2015-06-15 17:55 - 2009-07-02 09:19 - 00000000 ____D C:\Program Files\Microsoft Office
2015-06-15 17:54 - 2009-03-13 08:59 - 00000000 ____D C:\WINDOWS\Help
2015-06-15 17:30 - 2009-06-23 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FLEXnet
2015-06-10 08:40 - 2013-07-20 03:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 08:22 - 2009-03-13 16:43 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 15:26 - 2013-10-10 11:05 - 00000000 ____D C:\Documents and Settings\Markie\Application Data\vlc

==================== Files in the root of some directories =======

2013-02-14 17:52 - 2013-02-14 17:52 - 0000336 _____ () C:\Program Files\temp995.bat
2009-11-01 10:51 - 2009-11-01 10:51 - 0002528 _____ () C:\Documents and Settings\Markie\Application Data\$_hpcst$.hpc
2011-05-05 14:54 - 2011-05-05 14:54 - 0038445 _____ () C:\Documents and Settings\Markie\Application Data\Comma Separated Values (DOS).ADR
2011-05-05 14:54 - 2011-05-05 15:01 - 0038446 _____ () C:\Documents and Settings\Markie\Application Data\Comma Separated Values (Windows).ADR
2010-04-13 17:22 - 2010-04-13 17:22 - 0000120 _____ () C:\Documents and Settings\Markie\Application Data\FixVTS.ini
2010-08-12 17:10 - 2010-08-25 22:18 - 0000925 _____ () C:\Documents and Settings\Markie\Application Data\gcgb.ini
2015-04-23 15:39 - 2012-11-01 01:52 - 12845056 _____ () C:\Documents and Settings\Markie\Application Data\Sandra.mdb
2014-02-04 14:15 - 2014-02-13 17:38 - 0000600 _____ () C:\Documents and Settings\Markie\Application Data\winscp.rnd
2010-05-03 22:54 - 2010-05-03 22:54 - 0024576 _____ () C:\Documents and Settings\Markie\Application Data\WSM.exe
2014-05-29 16:08 - 2014-08-20 11:40 - 0265053 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\ars.cache
2014-05-29 16:09 - 2014-08-20 11:42 - 0393582 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\census.cache
2009-05-10 14:17 - 2015-05-06 10:49 - 0214016 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-03-14 08:34 - 2009-03-14 08:34 - 0000129 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\fusioncache.dat
2009-10-18 15:53 - 2009-10-18 15:53 - 0000036 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\housecall.guid.cache
2012-10-01 14:14 - 2014-02-04 15:19 - 0000600 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\PUTTY.RND
2015-01-13 21:32 - 2015-01-13 21:32 - 0004834 ____N () C:\Documents and Settings\Markie\Local Settings\Application Data\recently-used.xbel

Files to move or delete:
====================
C:\Documents and Settings\Markie\FRST.exe


Some files in TEMP:
====================
C:\Documents and Settings\Markie\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Markie\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:51 AM

Posted 06 July 2015 - 10:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = duckduckgo.com
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL No File
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL No File
FF DefaultSearchEngine.US: DuckDuckGo
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @FOSCAM Web Components -> C:\Program Files\Foscam Web Components\npIPcamCloud.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Extension: AdPunisher - C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\45o9pv9a.default-1435355163140\Extensions\jsgbgnnnzbtstia@yvvqdoekokrdj.org [2015-07-01]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [X]
S2 MBAMService; "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S2 BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [X]
Task: {1ECE08EF-385E-4B1C-B5DB-30169BDB6421} - \Bidaily Synchronize Task[973b] No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now?

#5 MrMark52


Posted 06 July 2015 - 01:03 PM

I don't run Chrome, I think I loaded it once upon a time but then uninstalled it and presently there are no occurrences of it in the Add/Remove Programs Manager. Later (Jan '14) I loaded Google Earth but have not used since. Just today, I uninstalled it. There are not any references to Google or Chrome in Task Manager, either the Applications or Processes tab.

I used Revo Uninstaller to see if there were occurrences that could be removed, but none showed. No idea where the references of the FRST scan are coming from.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by Markie at 2015-07-06 11:06:34 Run:2
Running from C:\Documents and Settings\Markie\Desktop\FRST-OlderVersion
Loaded Profiles: Markie (Available Profiles: Markie & ASPNET & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = duckduckgo.com
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -
C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL No File
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL No File
FF DefaultSearchEngine.US: DuckDuckGo
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF
Plugin: @FOSCAM Web Components -> C:\Program Files\Foscam Web Components\npIPcamCloud.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Extension: AdPunisher - C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\45o9pv9a.default-1435355163140\Extensions\jsgbgnnnzbtstia@yvvqdoekokrdj.org [2015-07-01]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program
Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [X]
S2 MBAMService; "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S2 BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [X]
Task: {1ECE08EF-385E-4B1C-B5DB-30169BDB6421} - \Bidaily Synchronize Task[973b] No Task File <==== ATTENTION

End

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKCR\PROTOCOLS\Handler\http\0x00000001" => key removed successfully.
"HKCR\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\http\oledb" => key removed successfully.
"HKCR\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\https\0x00000001" => key removed successfully.
HKCR\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} => key not found.
"HKCR\PROTOCOLS\Handler\https\oledb" => key removed successfully.
HKCR\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} => key not found.
"C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL No File []" => File/Folder not found.
"HKCR\PROTOCOLS\Handler\ipp\0x00000001" => key removed successfully.
HKCR\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} => key not found.
"HKCR\PROTOCOLS\Handler\ms-itss" => key removed successfully.
"HKCR\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\msdaipp\0x00000001" => key removed successfully.
HKCR\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} => key not found.
"HKCR\PROTOCOLS\Handler\msdaipp\oledb" => key removed successfully.
HKCR\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} => key not found.
"HKCR\PROTOCOLS\Handler\mso-offdap" => key removed successfully.
"HKCR\CLSID\{3D9F03FA-7A94-11D3-BE81-0050048385D1}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\mso-offdap11" => key removed successfully.
"HKCR\CLSID\{32505114-5902-49B2-880A-1F7738E5A384}" => key removed successfully.
Firefox DefaultSearchEngine.US removed successfully.
"HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0" => key removed successfully.
FF => Error: No automatic fix found for this entry.
Plugin: @FOSCAM Web Components -> C:\Program Files\Foscam Web Components\npIPcamCloud.dll No File => Error: No automatic fix found for this entry.
"HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin" => key removed successfully.
"HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0" => key removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully.
"HKLM\Software\MozillaPlugins\Adobe Reader" => key removed successfully.
C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\45o9pv9a.default-1435355163140\Extensions\jsgbgnnnzbtstia@yvvqdoekokrdj.org => moved successfully.
gupdate => Service removed successfully.
gupdatem => Service removed successfully.
Files\Google\Update\GoogleUpdate.exe" /medsvc [X] => Error: No automatic fix found for this entry.
IDriverT => Service removed successfully.
MBAMService => Service removed successfully.
BASFND => Service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ECE08EF-385E-4B1C-B5DB-30169BDB6421} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[973b] => key not found.
EmptyTemp: => 515.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:10:29 ====



#6 nasdaq


Posted 07 July 2015 - 06:53 AM


Sorry my mistake, your default browser is FireFox.
If the problem persists execute this.

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#7 MrMark52


Posted 07 July 2015 - 08:51 AM

nasdaq,

 

Spent yesterday afternoon browsing before receiving your response and no detectable issues. I think all is good once again.

 

As always, Thanks much for your help!



#8 MrMark52


Posted 07 July 2015 - 08:59 AM

May have spoken too soon - one thing I've noticed is that the associative links of Start Menu items to the actual programs appear to be missing on various programs. MSOffice so far seems to be OK, but so far AutoCAD, Nero, MagicDisc to name a few are not linked.



#9 nasdaq


Posted 07 July 2015 - 12:54 PM

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

      11 - Repair Start Menu Icons Removed by Infections
      12 - Repair Icons

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

How is it now?


#10 nasdaq


Posted 13 July 2015 - 07:21 AM

Are you still with me?

#11 nasdaq


Posted 19 July 2015 - 07:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



