Infected with istatic.eshopcomp.com


  • This topic is locked
17 replies to this topic

#1 JP_Smith

Posted 30 September 2015 - 07:44 AM

I have a Windows 7 Pro computer that seems to be infected with some kind of malware. Every time one user logs onto it he gets redirected through the browser. I ran Malwarebytes on the system and deleted all of the items it found but I still get this problem.

Here are the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015

Ran by kuechj (administrator) on VALKOR (30-09-2015 06:38:28)
Running from C:\Users\kuechj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4U3DQ7H
Loaded Profiles: kuechj & adsemj &  (Available Profiles: chrisn & kuechj & adsemj & JP)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxducoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Dropbox, Inc.) C:\Users\adsemj\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [VX3000] => C:\windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [729744 2013-01-20] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-11-23] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-12-16] (Microsoft Corporation)
HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1715567821-813497703-1801674531-1213\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1715567821-813497703-1801674531-1656\...\MountPoints2: D - D:\LaunchU3.exe -a
HKU\S-1-5-21-1715567821-813497703-1801674531-1656\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: D - D:\LaunchU3.exe -a
HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3863894753-4190228360-1962728708-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\S-1-5-21-3863894753-4190228360-1962728708-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-12-16] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\Users\adsemj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\kuechj\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.10
Tcpip\..\Interfaces\{3678B818-1FCF-4778-BAA4-77AC0FD172BC}: [DhcpNameServer] 10.0.0.10
Tcpip\..\Interfaces\{3E76B745-B483-4A2D-BE8C-1B1F8E748FA1}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1213\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1656\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM/1
HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
HKU\S-1-5-21-1715567821-813497703-1801674531-1213\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb
HKU\S-1-5-21-1715567821-813497703-1801674531-1213\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb
HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
HKU\S-1-5-21-1715567821-813497703-1801674531-1656\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb/
HKU\S-1-5-21-1715567821-813497703-1801674531-1656\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb/
HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
HKU\S-1-5-21-3863894753-4190228360-1962728708-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM/1
HKU\S-1-5-21-3863894753-4190228360-1962728708-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213 -> {A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-3863894753-4190228360-1962728708-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3863894753-4190228360-1962728708-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02] (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll [2008-09-10] ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19] (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02] (DigitalPersona, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-09-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2008-09-10] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-09-29] (Oracle Corporation)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-09-10] ()
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1213 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1656 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} hxxp://test.player.portalarium.com/installers/win32/PortalariumPlayer.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2012-10-29] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-09-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-09-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1715567821-813497703-1801674531-1656: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\adsemj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\adsemj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-26] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-09-10]
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => not found
 
Chrome: 
=======
CHR Profile: C:\Users\kuechj\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kuechj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\kuechj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\kuechj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-29]
CHR Extension: (YouTube) - C:\Users\kuechj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\kuechj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Google Sheets) - C:\Users\kuechj\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\kuechj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kuechj\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kuechj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
CHR Extension: (Gmail) - C:\Users\kuechj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [729744 2013-01-20] (Kaspersky Lab ZAO)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-01] (McAfee, Inc.) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2010-03-30] (DigitalPersona, Inc.)
R2 FileOpenManagerSvc; C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [334720 2011-12-09] (FileOpen Systems Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-03-24] (Hewlett-Packard) [File not signed]
R2 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-16] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-01] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2010-01-19] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
R2 lxdu_device; C:\windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\windows\SysWOW64\lxducoms.exe [594600 2008-05-23] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-03-06] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [58368 2011-06-29] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-26] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-02-03] (Intel® Corporation) [File not signed]
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94992 2014-10-11] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [32088 2012-09-13] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644368 2014-10-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-11-23] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-11-16] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-01] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-01] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89344 2010-01-30] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-01] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-01] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-01] (McAfee, Inc.)
S3 STIrUsb; C:\Windows\System32\DRIVERS\irstusb.sys [33792 2008-01-19] (SigmaTel, Inc.)
S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 SWVNIC; system32\DRIVERS\swvnic.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-30 06:37 - 2015-09-30 06:38 - 00000000 ____D C:\FRST
2015-09-29 15:26 - 2015-09-29 15:27 - 00000000 ____D C:\Users\adsemj\Desktop\Ptarmigan Hunt
2015-09-29 07:58 - 2015-09-29 07:58 - 00000000 ____D C:\ProgramData\Oracle
2015-09-29 07:57 - 2015-09-29 07:57 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-09-29 07:57 - 2015-09-29 07:57 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-09-29 07:57 - 2015-09-29 07:57 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-09-29 07:57 - 2015-09-29 07:57 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-29 07:57 - 2015-09-29 07:57 - 00000000 ____D C:\ProgramData\Sun
2015-09-29 07:57 - 2015-09-29 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-29 07:57 - 2015-09-29 07:57 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-29 07:35 - 2015-09-29 07:35 - 00000000 ____D C:\Users\kuechj\AppData\Local\Apps\2.0
2015-09-28 13:54 - 2015-09-28 13:54 - 00000429 _____ C:\Users\adsemj\Downloads\last5days_D034022_20150928135450.txt
2015-09-28 11:15 - 2015-09-28 11:15 - 00000000 ____D C:\ProgramData\Intel
2015-09-24 10:47 - 2015-09-24 10:47 - 00001068 _____ C:\Users\adsemj\Desktop\malwarebytes output.txt
2015-09-24 09:55 - 2015-09-29 19:33 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-24 09:54 - 2015-09-24 09:54 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\adsemj\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-24 09:54 - 2015-09-24 09:54 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-24 09:54 - 2015-09-24 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-24 09:54 - 2015-09-24 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-24 09:54 - 2015-09-24 09:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-24 09:54 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-09-24 09:54 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-09-24 09:54 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-09-23 15:02 - 2015-08-05 13:02 - 00157016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-09-23 15:02 - 2015-08-05 13:02 - 00097112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-09-23 15:02 - 2015-08-05 12:56 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-09-23 15:02 - 2015-08-05 12:56 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-09-23 15:02 - 2015-08-05 12:56 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-09-23 15:02 - 2015-08-05 12:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-09-23 15:02 - 2015-08-05 12:56 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-09-23 15:02 - 2015-08-05 12:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-09-23 15:02 - 2015-08-05 12:56 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-09-23 15:02 - 2015-08-05 12:56 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-09-23 15:02 - 2015-08-05 12:56 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-09-23 15:02 - 2015-08-05 12:55 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-09-23 15:02 - 2015-08-05 12:55 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-09-23 15:02 - 2015-08-05 12:41 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-09-23 15:02 - 2015-08-05 12:41 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-09-23 15:02 - 2015-08-05 12:41 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-09-23 15:02 - 2015-08-05 12:40 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-09-23 15:02 - 2015-08-05 12:40 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-09-23 15:02 - 2015-08-05 12:40 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-09-23 15:02 - 2015-08-05 12:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-09-23 15:02 - 2015-08-05 11:38 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-09-23 15:01 - 2015-08-05 12:56 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-09-23 15:01 - 2015-08-05 12:56 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-09-23 15:01 - 2015-08-05 12:56 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-09-23 15:01 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2015-09-23 15:01 - 2015-08-05 12:56 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-09-23 15:01 - 2015-08-05 12:50 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-09-23 15:01 - 2015-08-05 12:50 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-09-23 15:01 - 2015-08-05 12:46 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-09-23 15:01 - 2015-08-05 12:41 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-09-23 15:01 - 2015-08-05 12:40 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-09-23 15:01 - 2015-08-05 12:40 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-09-23 15:01 - 2015-08-05 12:39 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-09-23 15:01 - 2015-08-05 12:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-09-23 15:01 - 2015-08-05 12:34 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-09-23 15:01 - 2015-08-05 12:34 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-09-23 15:01 - 2015-08-05 12:30 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-09-23 15:01 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2015-09-23 15:01 - 2015-08-05 11:37 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-09-23 15:01 - 2015-08-05 11:37 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-09-22 11:16 - 2015-09-22 11:16 - 00000000 ____D C:\windows\TEMPfolder
2015-09-22 11:16 - 2015-09-22 11:16 - 00000000 ____D C:\windows\system32\vefj
2015-09-18 15:22 - 2015-09-18 15:22 - 00000000 ____D C:\windows\pss
2015-09-09 08:18 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-09-09 08:18 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-09-09 08:18 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-09-09 08:18 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-09-09 08:18 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-09-09 08:18 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-09-09 08:18 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-09-09 08:18 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-09-09 08:18 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-09-09 08:18 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 08:18 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-09-09 08:18 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-09-09 08:18 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-09-09 08:18 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-09-09 08:18 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-09-09 08:18 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-09-09 08:18 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-09-09 08:18 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-09-09 08:18 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-09-09 08:18 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-09-09 08:18 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-09-09 08:18 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-09-09 08:18 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-09-09 08:18 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-09-09 08:18 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-09-09 08:18 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 08:18 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-09-09 08:18 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-09-09 08:18 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-09-09 08:18 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-09-09 08:18 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-09-09 08:18 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-09-09 08:18 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-09-09 08:18 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-09-09 08:18 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-09-09 08:18 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-09-09 08:18 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-09-09 08:18 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-09-09 08:18 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-09-09 08:18 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-09-09 08:18 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-09-09 08:18 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-09-09 08:18 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-09-09 08:18 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-09-09 08:17 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-09-09 08:17 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-09-09 08:17 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-09-09 08:17 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-09-09 08:17 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-09-09 08:17 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-09-09 08:17 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-09-09 08:17 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-09-09 08:17 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-09-09 08:17 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-09-09 08:17 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-09-09 08:17 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-09-09 08:17 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-09-09 08:17 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-09-09 08:17 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-09-09 08:17 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-09-09 08:17 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-09-09 08:17 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-09-09 08:17 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-09-09 08:17 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-09-09 08:17 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-09-09 08:17 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-09-09 08:17 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-09-09 08:17 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-09-09 08:17 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-09-09 08:17 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-09-09 08:17 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-09-09 08:17 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-09-09 08:17 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-09-09 08:17 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-09-09 08:17 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-09-09 08:17 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-09-09 08:17 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-09-09 08:17 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-09-09 08:17 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-09-09 08:17 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-09-09 08:17 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-09-09 08:17 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-09-09 08:17 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-09-09 08:17 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-09-09 08:17 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-09-09 08:17 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-09-09 08:17 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-09-09 08:17 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-09-09 08:17 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-09-09 08:17 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-09-09 08:17 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-09-09 08:17 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-09-09 08:17 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-09-09 08:17 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-09-09 08:17 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-09-09 08:17 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-09-09 08:17 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-09-09 08:17 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-09-09 08:17 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-09-09 08:17 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-09-09 08:17 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-09-09 08:17 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 08:17 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 08:15 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-09-09 08:15 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-09-09 08:15 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-09-09 08:15 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-09-09 08:15 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-09-09 08:15 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-09-09 08:15 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-09-09 08:15 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-09-09 08:15 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-09-09 08:15 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-09-09 08:15 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-09-09 08:15 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-09-09 08:15 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-09-09 08:15 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-09-09 08:15 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-09-09 08:15 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-09-09 08:15 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-09-09 08:15 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-09-09 08:15 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-09-09 08:15 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-09-09 08:14 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-09-09 08:14 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-09-09 08:14 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-09-09 08:14 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-09-09 08:14 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-09-09 08:14 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-09-09 08:14 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-09-09 08:14 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-09-09 08:14 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-09-09 08:14 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-09-09 08:14 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-09-09 08:14 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-09-09 08:14 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-09-09 08:14 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-09-09 08:14 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-09-09 08:14 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-09-09 08:14 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-09-09 08:14 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-09-09 08:14 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-09-09 08:14 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-09-09 08:14 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-09-09 08:14 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-09-09 08:14 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-09-09 08:14 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-09-09 08:14 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-09-09 08:14 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-09-09 08:14 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-09-09 08:14 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-09-08 10:08 - 2015-09-25 13:23 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-08 10:07 - 2015-09-08 10:07 - 00929360 _____ (Google Inc.) C:\Users\adsemj\Downloads\ChromeSetup.exe
2015-09-04 10:41 - 2015-09-04 10:41 - 00000000 ____D C:\Users\adsemj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-04 09:31 - 2015-09-04 09:31 - 01804688 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll
2015-09-04 09:31 - 2015-09-04 09:31 - 00096536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dc3d.sys
2015-09-03 09:28 - 2015-09-03 09:33 - 431085454 _____ C:\Users\adsemj\Desktop\Collarinfo_forATS(31Aug2015).zip
2015-09-03 08:29 - 2015-09-29 15:36 - 00000000 ____D C:\Users\adsemj\Desktop\September 2015 Order Confirmation
2015-09-03 08:29 - 2015-09-28 12:19 - 00000000 ____D C:\Users\adsemj\Desktop\September 2015 Quotes
2015-09-03 08:29 - 2015-09-24 13:52 - 00000000 ____D C:\Users\adsemj\Desktop\September 2015 Proforma Invoices
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-30 06:38 - 2010-12-20 04:16 - 01967368 _____ C:\windows\WindowsUpdate.log
2015-09-30 06:35 - 2015-06-19 08:15 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1715567821-813497703-1801674531-1656UA.job
2015-09-30 06:35 - 2014-09-03 11:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-09-30 06:35 - 2011-03-23 11:27 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-30 06:34 - 2011-03-23 11:27 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-30 06:34 - 2011-02-09 12:15 - 00000128 _____ C:\windows\system32\config\netlogon.ftl
2015-09-29 14:27 - 2015-06-19 08:15 - 00000870 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1715567821-813497703-1801674531-1656Core.job
2015-09-29 08:42 - 2015-07-15 14:40 - 00000000 ____D C:\Users\adsemj\AppData\Roaming\TeamViewer
2015-09-29 08:19 - 2009-07-13 23:51 - 00163469 _____ C:\windows\setupact.log
2015-09-29 08:16 - 2009-07-13 23:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-29 08:16 - 2009-07-13 23:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-29 08:10 - 2013-05-31 14:35 - 00000000 ____D C:\Users\Public\Report
2015-09-29 08:04 - 2012-11-26 11:26 - 00000000 ___RD C:\Users\adsemj\Dropbox
2015-09-29 08:03 - 2012-11-26 11:05 - 00000000 ____D C:\Users\adsemj\AppData\Roaming\Dropbox
2015-09-29 08:01 - 2010-09-10 18:56 - 00000000 ____D C:\ProgramData\HPQLOG
2015-09-29 08:01 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-28 13:46 - 2009-07-14 00:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-28 11:10 - 2010-09-10 18:34 - 00000000 ____D C:\Program Files (x86)\Intel
2015-09-28 11:02 - 2010-09-10 19:33 - 00637332 _____ C:\windows\PFRO.log
2015-09-28 08:34 - 2011-02-09 08:50 - 00000000 ____D C:\Intel
2015-09-28 08:07 - 2012-07-08 03:36 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2015-09-25 10:00 - 2012-02-01 11:57 - 00000000 ____D C:\Users\adsemj\Desktop\Word Docs
2015-09-24 17:52 - 2011-02-09 12:16 - 00009361 __RSH C:\ProgramData\ntuser.pol
2015-09-24 10:50 - 2011-03-23 11:27 - 00000000 ____D C:\Program Files\Google
2015-09-24 10:50 - 2011-03-23 11:26 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-24 10:50 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-24 10:47 - 2012-09-12 10:37 - 00000000 ____D C:\windows\SysWOW64\WNLT
2015-09-24 10:00 - 2013-04-09 08:21 - 00000000 ____D C:\windows\SysWOW64\ARFC
2015-09-24 08:21 - 2011-03-23 11:27 - 00000000 ____D C:\Users\adsemj\AppData\Local\Google
2015-09-24 08:21 - 2011-03-23 11:26 - 00000000 ____D C:\ProgramData\Google
2015-09-24 08:08 - 2014-03-31 14:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-09-24 07:58 - 2011-02-09 12:39 - 00000844 __RSH C:\Users\adsemj\ntuser.pol
2015-09-24 07:58 - 2011-02-09 12:38 - 00000000 ____D C:\Users\adsemj
2015-09-24 07:58 - 2010-09-10 18:56 - 00000000 ____D C:\ProgramData\PDFC
2015-09-23 17:14 - 2011-02-07 21:07 - 00000000 ____D C:\windows\rescache
2015-09-22 11:16 - 2011-04-15 14:41 - 00357888 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2015-09-22 11:16 - 2011-04-15 14:41 - 00270336 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2015-09-17 12:58 - 2014-02-19 16:52 - 00011807 _____ C:\Users\adsemj\Desktop\Frequency Stock List 160 ICM.xlsx
2015-09-16 18:11 - 2011-03-23 11:27 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 18:11 - 2011-03-23 11:27 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 15:40 - 2011-02-17 14:17 - 00000000 ____D C:\Users\adsemj\AppData\Local\Deployment
2015-09-10 11:20 - 2011-03-23 11:25 - 00000000 ____D C:\Users\adsemj\AppData\Roaming\Skype
2015-09-10 07:59 - 2009-07-13 23:45 - 00459496 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-10 07:55 - 2009-07-27 09:36 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 16:09 - 2011-02-09 08:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 16:07 - 2013-08-15 03:00 - 00000000 ____D C:\windows\system32\MRT
2015-09-09 07:56 - 2015-05-04 08:25 - 00010313 _____ C:\Users\adsemj\Desktop\ATS Australia Discounts.xlsx
2015-09-07 07:27 - 2011-02-09 12:18 - 00125136 _____ C:\Users\kuechj\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-07 07:26 - 2011-02-09 12:19 - 00000000 ___RD C:\Users\kuechj\Virtual Machines
2015-09-07 07:25 - 2014-09-03 11:44 - 00002255 _____ C:\Users\kuechj\Desktop\Google Chrome.lnk
2015-09-07 07:25 - 2011-02-09 12:19 - 00001413 _____ C:\Users\kuechj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-04 16:13 - 2014-02-21 10:25 - 00012887 _____ C:\Users\adsemj\Desktop\Frequency Stock List Epson 160-169.xlsx
2015-09-03 08:44 - 2015-02-03 09:00 - 00000000 ____D C:\Users\adsemj\Desktop\2015 Order Confirmation
2015-09-03 08:30 - 2015-02-03 09:01 - 00000000 ____D C:\Users\adsemj\Desktop\2015 Quotes
2015-09-03 08:30 - 2015-02-03 09:01 - 00000000 ____D C:\Users\adsemj\Desktop\2015 Proforma Invoices
 
==================== Files in the root of some directories =======
 
2011-03-23 11:28 - 2011-03-23 11:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-03-28 08:03 - 2012-03-28 08:03 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some files in TEMP:
====================
C:\Users\adsemj\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpupdzlz.dll
C:\Users\JP\AppData\Local\Temp\HPQSi.exe
C:\Users\JP\AppData\Local\Temp\MSN7E93.exe
C:\Users\kuechj\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\kuechj\AppData\Local\Temp\nagrest.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2011-04-15 14:41] - [2015-09-22 11:16] - 0357888 ____A (Microsoft Corporation) 2D128B91D26ECC77D85C228768A26945
 
C:\windows\SysWOW64\dnsapi.dll
[2011-04-15 14:41] - [2015-09-22 11:16] - 0270336 ____A (Microsoft Corporation) EB9D6583A90D56D3E99D77445FA54266
 
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-21 11:30
 
==================== End of FRST.txt ============================

#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,138 posts
  • Gender:Male
  • Location:California

Posted 30 September 2015 - 02:25 PM

Greetings JP_Smith and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please download a fresh copy of FRST and save it to your Desktop:

    Running from C:\Users\kuechj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4U3DQ7H

----------

There should already be an Addition.txt file on your Desktop. Please copy and paste that information in your reply. If it is not there please rerun a FRST scan after completing the below making sure to check Addition.txt.

----------

Does this behavior only occur with Chrome or is it present with other browsers?

Please do these things for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShortcutTarget: Dropbox.lnk -> C:\Users\kuechj\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1213\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1656\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213 -> {A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1213 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1656 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => not found
S3 SWVNIC; system32\DRIVERS\swvnic.sys [X]
C:\Users\JP\AppData\Local\Temp\MSN7E93.exe
Folder: C:\windows\system32\vefj
Folder: C:\windows\TEMPfolder
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
dnsapi.dll
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document into your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Addition.txt
  • Only Chrome?
  • Fixlog
  • Search log
  • AdwCleaner log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
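
The "Search File(s)" step above asks FRST to list every copy of dnsapi.dll on the disk so the System32 and SysWOW64 copies can be compared with the others; the same inventory can be taken from PowerShell. This is an added example, not FRST code or anything posted in the thread; the parameter names, the -RunSfc switch and the Get-FileMd5 helper are my own choices, and it assumes an elevated prompt.

```powershell
# Added example, not from FRST or from the thread: list every copy of a DLL
# under %SystemRoot% (what the FRST "Search File(s)" step does for dnsapi.dll)
# with size, timestamp, version, Authenticode status and MD5, so the System32
# and SysWOW64 copies can be compared with each other, with WinSxS copies, and
# with a known-good patched machine.
# Assumptions: run from an elevated prompt; -RunSfc is optional and calls
# sfc /verifyfile, which is the catalog-aware check.
param(
    [string]$FileName = 'dnsapi.dll',
    [string]$Root     = $env:SystemRoot,
    [switch]$RunSfc
)

function Get-FileMd5 {
    # .NET MD5 so this also runs on the PowerShell 2.0 that ships with
    # Windows 7, which has no Get-FileHash cmdlet.
    param([string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('X2') }) -join '' }
    finally { $stream.Close() }
}

$hits = Get-ChildItem -Path $Root -Recurse -Filter $FileName -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }

$report = foreach ($f in $hits) {
    # On older PowerShell, Get-AuthenticodeSignature only sees embedded
    # signatures. Genuine Windows DLLs are usually catalog-signed, so a
    # "NotSigned" here means "compare this copy", not "this copy is malicious".
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    $sfc = ''
    if ($RunSfc) {
        # sfc compares the file against the component store and reports
        # whether it matches the expected (signed) version.
        $out = & "$env:SystemRoot\System32\sfc.exe" /verifyfile="$($f.FullName)" 2>&1
        $sfc = ($out | Out-String).Trim()
    }
    New-Object PSObject -Property @{
        Path      = $f.FullName
        Size      = $f.Length
        Modified  = $f.LastWriteTime
        Version   = $f.VersionInfo.FileVersion
        Company   = $f.VersionInfo.CompanyName
        SigStatus = $sig.Status
        Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
        MD5       = Get-FileMd5 -Path $f.FullName
        Sfc       = $sfc
    }
}

# Per-file detail, then a grouping by hash: every copy of the same build should
# hash identically (32- and 64-bit builds form two groups), so a copy in
# System32 or SysWOW64 whose hash matches no WinSxS copy is the one to look at.
$report | Sort-Object Path |
    Format-List Path, Size, Modified, Version, Company, SigStatus, Signer, MD5, Sfc
$report | Group-Object MD5 |
    Select-Object Count, Name, @{ n = 'Paths'; e = { ($_.Group | ForEach-Object { $_.Path }) -join '; ' } } |
    Format-Table -AutoSize
```

Save as a .ps1 and run it with -RunSfc when the machine can spare a few minutes; the WinSxS copies give a local baseline even when no second machine is available.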

#3 JP_Smith
  • Topic Starter
  • Members
  • 9 posts

Posted 01 October 2015 - 08:16 AM

Gary,

Thanks for the help!!

-We're having the same problem in Internet Explorer as well.

-There was NO AdwCleaner log on the reboot... Is there a way to still get that??

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015

Ran by kuechj (2015-10-01 06:44:49)
Running from C:\Users\kuechj\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-02-07 18:12:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3863894753-4190228360-1962728708-500 - Administrator - Disabled)
Guest (S-1-5-21-3863894753-4190228360-1962728708-501 - Limited - Disabled)
JP (S-1-5-21-3863894753-4190228360-1962728708-1002 - Administrator - Enabled) => C:\Users\JP
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Endpoint Security 10 for Windows (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Endpoint Security 10 for Windows (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Endpoint Security 10 for Windows (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Advanced Telemetry Systems, Inc ATSWinRec_C 1.0.9 (HKLM-x32\...\{84EE0F24-0995-11D5-A81F-00C06D16652B}) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
ATS Archive Tag Reader (HKLM-x32\...\{442520A8-D421-4730-9238-CF4D15B6B767}) (Version: 1.0.2 - Advanced Telemetry Systems, Inc)
ATS SureDrop (HKLM-x32\...\{AF4B8CF1-2135-4885-80BA-3DE8343B7A83}) (Version: 1.0.0 - Default Company Name)
ATS WinRec 12 Table (HKU\S-1-5-21-1715567821-813497703-1801674531-1656\...\19fbdb8f15546b34) (Version: 1.0.0.143 - Advanced Telemetry Systems, Inc)
ATS WinRec 12 Table (HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\19fbdb8f15546b34) (Version: 1.0.0.143 - Advanced Telemetry Systems, Inc)
ATSFixes for Loggers - 1  (HKU\S-1-5-21-1715567821-813497703-1801674531-1656\...\abeb7124d1c64cdf) (Version: 1.0.0.16 - Advanced Telemetry Systems, Inc)
ATSFixes for Loggers - 1  (HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\abeb7124d1c64cdf) (Version: 1.0.0.16 - Advanced Telemetry Systems, Inc)
ATSFixes for Loggers - 2  (HKU\S-1-5-21-1715567821-813497703-1801674531-1656\...\ad6a9f6ca9662f0b) (Version: 1.0.0.16 - Advanced Telemetry Systems, Inc)
ATSFixes for Loggers - 2  (HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ad6a9f6ca9662f0b) (Version: 1.0.0.16 - Advanced Telemetry Systems, Inc)
ATSFixes for Loggers (HKU\S-1-5-21-1715567821-813497703-1801674531-1656\...\57e20bfe6fee3a56) (Version: 1.0.0.16 - Advanced Telemetry Systems, Inc)
ATSFixes for Loggers (HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\57e20bfe6fee3a56) (Version: 1.0.0.16 - Advanced Telemetry Systems, Inc)
ATSGPSBattLifeCalc_2012 (HKU\S-1-5-21-1715567821-813497703-1801674531-1656\...\d09daaae29d2a7ef) (Version: 1.0.0.10 - Microsoft)
ATSGPSBattLifeCalc_2012 (HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\d09daaae29d2a7ef) (Version: 1.0.0.10 - Microsoft)
ATSWinCollar (HKLM-x32\...\InstallShield_{8B5AA7AF-70F4-4867-B6DF-DFA08CE64512}) (Version: 1.2.2 - Advanced Telemetry Systems, Inc)
ATSWinCollar (x32 Version: 1.2.2 - Advanced Telemetry Systems, Inc) Hidden
ATSWinRec_R4520 (HKU\S-1-5-21-1715567821-813497703-1801674531-1656\...\d56841fea71d20e2) (Version: 2.0.0.4 - Advanced Telemetry Systems, Inc)
ATSWinRec_R4520 (HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\d56841fea71d20e2) (Version: 2.0.0.4 - Advanced Telemetry Systems, Inc)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.6 - Hewlett-Packard)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.6.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1715567821-813497703-1801674531-1656\...\Dropbox) (Version: 3.10.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.10.6 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.3 - Hewlett-Packard)
FileOpen Client (x64) (HKLM\...\{8D8B35B1-4F80-412C-8F96-0BEE6AF1C57D}) (Version: 3.0.73.917 - FileOpen Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth (HKLM-x32\...\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}) (Version: 7.0.1.8244 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{722A2876-B382-4AB5-8CC9-007FF5B28641}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}) (Version: 3.5.15.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3C33FD2E-6B21-4CD3-B41A-A7331D467617}) (Version: 1.0.6.0 - Hewlett-Packard)
HP Power Data (HKLM\...\{42DBA167-C25D-49CE-BBAF-DEC25E737DA8}) (Version: 1.0.21.158 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.07.711 - Hewlett-Packard)
HP QuickLook (HKLM\...\{F9DB9D94-7ABF-4FF0-AE71-4FC9DAB7D4A1}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F4877}) (Version: 1.0.1.62 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}) (Version: 8.2.4130.3367 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{DA200FDD-DE3D-4958-8465-C4FBC869544B}) (Version: 3.5.20.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}) (Version: 4.4.6.3 - Hewlett-Packard)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.19.5 - Roxio)
HP Wireless Assistant (HKLM\...\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}) (Version: 4.0.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6275.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Japanese Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 79 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Kaspersky Endpoint Security 10 for Windows (HKLM\...\{04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E}) (Version: 10.1.0.867 - Kaspersky Lab)
Keyspan USB Serial Adapter (HKLM-x32\...\{2E97DE76-851A-48AA-A0D6-665860FAD9CA}) (Version:  - )
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version:  - Lexmark International, Inc.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - )
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Live Support Chat for Web Site Operator Console - Version: 5.7.3.r15174 (HKLM-x32\...\Live Support Chat for Web Site_is1) (Version: 5.7.3 - Provide Support, LLC)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.117 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}) (Version: 5.10.796 - Hewlett-Packard)
PyQt GPL v4.9.4 for Python v2.7 (x86) (HKLM-x32\...\PyQt GPL v4.9.4 for Python v2.7 (x86)) (Version: 4.9.4-1 - )
Python 2.7 pywin32-216 (HKU\S-1-5-21-1715567821-813497703-1801674531-1656\...\pywin32-py2.7) (Version:  - )
Python 2.7 pywin32-216 (HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\pywin32-py2.7) (Version:  - )
Python 2.7 setuptools-0.6c11 (HKU\S-1-5-21-1715567821-813497703-1801674531-1656\...\setuptools-py2.7) (Version:  - )
Python 2.7 setuptools-0.6c11 (HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\setuptools-py2.7) (Version:  - )
Python 2.7.2 (HKLM-x32\...\{2E295B5B-1AD4-4D36-97C2-A316084722CF}) (Version: 2.7.2150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0028 - Realtek Semiconductor Corp.)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
Roxio Creator Business (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3.56.20 - Roxio)
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows 2000 (HKLM-x32\...\{4A29DA2B-2097-4FF3-AFFB-8CEBBD987CFF}) (Version: 6.3a - Silicon Laboratories, Inc.)
Silicon Laboratories IDE & Examples (HKLM-x32\...\{946A7928-686D-4C59-AF2E-D6817C1631E4}) (Version: 4.10 - Silicon Laboratories, Inc.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SymmTime (HKLM-x32\...\{E8C4C64A-CA0E-4A1F-9C94-0EF137F7910B}) (Version: 4.10.00 - Symmetricom)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
Total Phase USB Driver v2.12 (HKLM-x32\...\TotalPhase) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1715567821-813497703-1801674531-1656\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
WatchGuard Mobile VPN with SSL client 11.4.2 (HKLM-x32\...\Mobile VPN with SSL client_is1) (Version:  - WatchGuard)
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1801674531-1656_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\adsemj\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C6DA44D-4D99-4B44-9CC8-191608867FC3} - System32\Tasks\{F5C7244D-E10F-4805-84DF-54AD33B85685} => pcalua.exe -a C:\Users\adsemj\Desktop\setup.exe -d C:\Users\adsemj\Desktop
Task: {20EAE4AB-494E-4A38-9A54-58E95E0DC8F1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1715567821-813497703-1801674531-1656Core => C:\Users\adsemj\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {223FEC82-89E0-45D9-A0A2-DB24D660F47D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2CF0A9EE-A9F0-4697-B450-F6A1AD11193C} - System32\Tasks\{DE30D1FD-04D4-4C3F-95B1-DC80B6DCB7EC} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {3BE25DAA-4948-42E9-BA51-F9EB83E63EC8} - System32\Tasks\{1B2F8230-8C1F-4825-B58C-A0597546E2EB} => Iexplore.exe http://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsMain
Task: {3E4C57B2-79A7-4272-A6D3-423D6A65F17D} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {3E560CB2-F977-4326-BF0D-254478C1330A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {41312E97-3559-4FD6-B3F7-AD27BF149932} - System32\Tasks\{143DB83B-F525-474F-A172-1898E5E5B0BF} => pcalua.exe -a G:\Avian\Cheetah\TotalPhaseUSB-v2.11.exe -d G:\Avian
Task: {49C2441B-14F9-43E3-A278-9BA0F05D934B} - System32\Tasks\{D601B846-BE08-444D-82DC-DAC71C16A99B} => pcalua.exe -a "C:\Users\adsemj\Desktop\Promo Items\atsfixesfor collarsv11_1\setup.exe" -d "C:\Users\adsemj\Desktop\Promo Items\atsfixesfor collarsv11_1"
Task: {5D07749C-FFFB-48D8-8B0E-AE21968DCEC5} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
Task: {6A22539F-1D2E-4BF5-9B54-6A6677A7BA5E} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
Task: {907D96B1-97D8-4975-9CC2-4759EFEE7BE3} - System32\Tasks\UpdaterEX => C:\Users\adsemj\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9EF902A5-786F-4A7D-9BC2-C60F723F1A29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {BBB4366A-EE81-4E20-8249-961825B39399} - System32\Tasks\{4D22AA03-3CFF-4EEA-B27E-78811D59BBFD} => pcalua.exe -a "C:\Users\adsemj\Desktop\Robin GPS Unit\Terrestrial\Cheetah\TotalPhaseUSB-v2.11.exe" -d "C:\Users\adsemj\Desktop\Robin GPS Unit\Terrestrial"
Task: {C3FC1A20-E337-4C16-8426-91FD4EDE2A77} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2008-09-10] ()
Task: {D7170187-A660-48E1-A999-3048AD3FAF97} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1715567821-813497703-1801674531-1656UA => C:\Users\adsemj\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {E398C575-3871-44E1-94B8-CD178EF61042} - System32\Tasks\{7A9757A3-4533-417A-9F17-1F7E11E4D378} => pcalua.exe -a "C:\Users\adsemj\AppData\Local\Temp\Temp1_ATSFixes for Satellite Collars 14.zip\setup.exe"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1715567821-813497703-1801674531-1656Core.job => C:\Users\adsemj\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1715567821-813497703-1801674531-1656UA.job => C:\Users\adsemj\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\adsemj\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-03-28 08:07 - 2008-04-30 19:44 - 00045568 _____ () C:\windows\System32\LXDUPMON.DLL
2012-03-28 08:07 - 2008-09-10 04:43 - 00086016 _____ () C:\windows\System32\LXDUOEM.DLL
2012-03-28 08:06 - 2008-09-10 04:41 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\ipcmt64.dll
2012-03-28 08:11 - 2009-10-16 16:07 - 00186880 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2010-04-20 10:10 - 2010-04-20 10:10 - 00100352 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-11-03 13:20 - 2011-06-29 23:02 - 00058368 _____ () C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-04-05 13:15 - 2010-04-05 13:15 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.XmlSerializers.dll
2010-04-05 13:12 - 2010-04-05 13:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-04-05 13:11 - 2010-04-05 13:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 13:12 - 2010-04-05 13:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2013-01-20 00:21 - 2013-01-20 00:21 - 00106920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\BundlesController.ppl
2013-01-20 00:16 - 2013-01-20 00:16 - 00478120 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\dblite.dll
2013-01-20 00:16 - 2013-01-20 00:16 - 00150952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\self_defence.dll
2013-01-20 00:16 - 2013-01-20 00:16 - 01309608 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\kpcengine.2.2.dll
2013-01-20 00:15 - 2013-01-20 00:15 - 00182184 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\application_categorizer.dll
2013-01-20 00:15 - 2013-01-20 00:15 - 00313256 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\categorizer_facade.dll
2015-09-30 19:28 - 2015-09-30 19:28 - 00071168 _____ () c:\users\adsemj\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyqw2t3.dll
2015-08-12 13:30 - 2015-09-02 18:03 - 00012800 _____ () C:\Users\adsemj\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-08-12 13:30 - 2015-09-02 18:03 - 00779776 _____ () C:\Users\adsemj\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-12 13:30 - 2015-09-02 18:03 - 00056320 _____ () C:\Users\adsemj\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-12 13:30 - 2015-09-02 18:03 - 00012288 _____ () C:\Users\adsemj\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\chrisn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1715567821-813497703-1801674531-1213\Control Panel\Desktop\\Wallpaper -> C:\Users\kuechj\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\kuechj\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1715567821-813497703-1801674531-1656\Control Panel\Desktop\\Wallpaper -> C:\Users\adsemj\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\adsemj\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3863894753-4190228360-1962728708-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\JP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SymmTime.lnk => C:\windows\pss\SymmTime.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^adsemj^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^adsemj^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dropbox Update => "C:\Users\adsemj\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: FileOpenBroker => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lexmark 5600-6600 Series => "C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe" /s
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: lxduamon => "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe"
MSCONFIG\startupreg: lxdumon.exe => "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QLBController => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: VX3000 => C:\windows\vVX3000.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{599E0F23-3E4B-4248-AEE2-5EA1CAD64059}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{A0536E09-FF7B-4353-A555-51ED62973EEB}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{A69B2CDC-6B16-4EE1-A7B0-7B1412A18C67}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{68DEE060-4092-4A9C-8188-0970465CB33C}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{129AC274-CF8F-4A15-9606-C14D8C0089DE}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{058EB6D9-3A0E-4CCF-8360-606996081D7F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{2C1D9CBF-60A1-4903-8AAE-5C6B5B6E5E9A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{982C7280-A3DB-4D17-8F0C-9BE8F065FB28}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{E358395F-63E7-4F13-B097-434E986AE884}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{055A3E53-6065-4790-9BC3-C4A903899643}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{C7231850-6777-4103-9972-3E8E1FC0E87A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{C15A1DD7-CA0A-43A7-A8AF-CC62AEC6E795}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{563C51EE-5D54-4CFE-945C-440A94E38B14}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [TCP Query User{FE0D922C-8A73-40A4-A0F6-A6D90D1EEE2D}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{C227FA11-1FF4-4E62-BB86-8E13A14FF8F5}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{F966981A-B3F1-43F1-BE5E-AB9A638E9602}C:\program files (x86)\microsoft office\office14\outlook.exe] => (Block) C:\program files (x86)\microsoft office\office14\outlook.exe
FirewallRules: [UDP Query User{6EE717E0-C90F-43F7-B5EE-23FDD6AB69F2}C:\program files (x86)\microsoft office\office14\outlook.exe] => (Block) C:\program files (x86)\microsoft office\office14\outlook.exe
FirewallRules: [{7C1319A5-0669-4014-81D6-0D93C593AD51}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
FirewallRules: [{5A7AB8D4-D0B4-4C10-864E-3F190B2A7AD7}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
FirewallRules: [{F7EF19B9-1188-414F-ABC3-CEF62C25C411}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{E28AB386-36D6-48F9-8E74-244AF5B0D477}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{BEFC8C27-30C5-4529-A985-44C59F6A3560}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
FirewallRules: [{519C1AF5-F572-41F2-8018-AB0D6F9E5CB1}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
FirewallRules: [{3057FE11-5F05-4502-B35B-F874EACCAD18}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
FirewallRules: [{CCBF0CFA-E157-434C-BC1A-B78B50F2FBB3}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
FirewallRules: [{B5BB3C08-1F14-4862-B47A-9DAE3405CA34}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\frun.exe
FirewallRules: [{CCDAF16F-C342-4810-8AAC-F9C567C3837F}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\frun.exe
FirewallRules: [{3D1BA6E1-06FB-4794-BA78-1B001CD5A85E}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\frun.exe
FirewallRules: [{0E1D580A-04B1-40BB-8BF5-D59547D78E43}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\frun.exe
FirewallRules: [{D21A73D8-C0EE-45D6-9B65-7DE97E447990}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdufax.exe
FirewallRules: [{94C7B1E1-1A13-40C7-8AA0-AE3C582AE6D4}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdufax.exe
FirewallRules: [{462BAB58-2C3D-41D0-9D4F-2D2F9EE5081E}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdufax.exe
FirewallRules: [{03BF7575-0E9D-48FC-BD8F-0AD89D121001}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdufax.exe
FirewallRules: [TCP Query User{01ACC09C-A664-4279-A39F-0101A853D277}C:\program files (x86)\advanced telemetry systems, inc\atsreader\irda_connection_server.exe] => (Allow) C:\program files (x86)\advanced telemetry systems, inc\atsreader\irda_connection_server.exe
FirewallRules: [UDP Query User{CDB24FE3-F5F5-45FA-899C-F1BE9A8C62D0}C:\program files (x86)\advanced telemetry systems, inc\atsreader\irda_connection_server.exe] => (Allow) C:\program files (x86)\advanced telemetry systems, inc\atsreader\irda_connection_server.exe
FirewallRules: [TCP Query User{24177153-E76C-498E-A1B7-F01E6D6517FA}C:\program files (x86)\1clickdownload\1clickdownloader.exe] => (Allow) C:\program files (x86)\1clickdownload\1clickdownloader.exe
FirewallRules: [UDP Query User{73B3A32D-E302-44AD-8D1B-5E17C830BA97}C:\program files (x86)\1clickdownload\1clickdownloader.exe] => (Allow) C:\program files (x86)\1clickdownload\1clickdownloader.exe
FirewallRules: [{9F9A913E-D0B0-4C7D-AC4D-C804D836FA31}] => (Allow) C:\Users\adsemj\AppData\Local\Temp\nshBA2C.tmp\incredimail_Setup.exe
FirewallRules: [{DF73D5B8-102F-4F47-B5D8-E23864B01EAA}] => (Allow) C:\Users\adsemj\AppData\Local\Temp\nshBA2C.tmp\incredimail_Setup.exe
FirewallRules: [{2A9221D9-6BC6-4B23-9B93-00A8A0A561F8}] => (Block) C:\program files (x86)\1clickdownload\1clickdownloader.exe
FirewallRules: [{5A28EBFB-E9F5-4FA5-BD4F-98FD99FF6951}] => (Block) C:\program files (x86)\1clickdownload\1clickdownloader.exe
FirewallRules: [{F1FC50D6-D6EE-4A8C-933D-107090BB1F08}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{2113AB88-67A5-47A1-A5C4-AEA560B94749}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{EF25AB3C-52FE-4B50-8526-7F3A3EE55F2F}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{35E542B7-CB6B-44A1-91C5-B207DBFE0390}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{357094C7-636F-483F-AB66-31551F92F3A2}] => (Allow) C:\Users\adsemj\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F174BBA2-E1EB-4699-8472-6E3AA3A25A37}] => (Allow) C:\Users\adsemj\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{221C8287-2281-4135-AD7E-3864BD5B810B}C:\users\adsemj\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\adsemj\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F94F1342-06AC-471F-93CC-494D90A6BDA4}C:\users\adsemj\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\adsemj\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0A957FAA-B615-4BBB-AEAB-38673662E4AF}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{82769E69-CA08-4188-B59A-EFD2ABAD0882}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{71D3456D-69C7-4AE4-A6E7-CC7ADCC64F54}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{682D1F22-6C03-4833-8A18-561C912F6FC7}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{7DCD7CD5-0A84-47E0-9E14-82647D45E009}] => (Allow) LPort=80
FirewallRules: [{0FE422FF-88C6-4555-9C52-7F1A583BF8B9}] => (Allow) LPort=443
FirewallRules: [{68CE1874-0C0B-438C-8743-CC1BD6BE003A}] => (Allow) LPort=20010
FirewallRules: [{6C7AEF53-1C2C-4A7C-8D4D-00EF2AA589F1}] => (Allow) LPort=3478
FirewallRules: [{EB1AB57C-0654-487E-AB2C-3ACC034CE217}] => (Allow) LPort=7850
FirewallRules: [{578C280D-D9AE-4EE3-94F3-904F016F2D37}] => (Allow) LPort=27022
FirewallRules: [{EEA085B6-1A4C-4BEC-A584-F67F548B2010}] => (Allow) LPort=6881
FirewallRules: [{133D2C9B-63D7-4241-B5A5-27DDEF05F15C}] => (Allow) LPort=33333
FirewallRules: [{2E252C01-4B26-4EB4-95B0-5A007D014EEB}] => (Allow) LPort=20443
FirewallRules: [{FC0BC966-E1C8-4BDE-81AE-1D2A343F8867}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{8A9ECDD8-6607-4FDF-87E2-45E95E6F8697}C:\program files (x86)\advanced telemetry systems, inc\atssuredrop\irda_connection_server.exe] => (Allow) C:\program files (x86)\advanced telemetry systems, inc\atssuredrop\irda_connection_server.exe
FirewallRules: [UDP Query User{2CF571A9-DDA0-4817-B51E-05B61C28866C}C:\program files (x86)\advanced telemetry systems, inc\atssuredrop\irda_connection_server.exe] => (Allow) C:\program files (x86)\advanced telemetry systems, inc\atssuredrop\irda_connection_server.exe
FirewallRules: [{AC22B481-1D98-4C94-9A2C-5EC86E4C20D6}] => (Block) C:\program files (x86)\advanced telemetry systems, inc\atssuredrop\irda_connection_server.exe
FirewallRules: [{4ED0E478-F836-44AA-A242-E02954D7485E}] => (Block) C:\program files (x86)\advanced telemetry systems, inc\atssuredrop\irda_connection_server.exe
FirewallRules: [{360DFC24-860C-4D2B-B20F-80D6BF4125F3}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{F2A8CBFD-E017-43EF-B882-A34C17DEFA56}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{70EE0C86-0D46-4564-B64C-7B671554B3B5}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{ED7420F1-21ED-4902-8A97-EC99661DD44C}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{D6CF62CD-C799-4CBA-907A-C5155598E91A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA7B509F-B5D4-42F2-BCA2-08E2E7C95EF3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BE57EB4-E130-4D53-84A9-65D58BEF77EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B81A2D2-F49D-4A63-A44F-BAC024492EAB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9845B952-9D10-4704-A47C-E7C18BB37DBC}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{4B71ACE0-0793-4D0D-B4E0-2B15373EA67F}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{5F93D3A8-0B6A-45F6-84A7-7A65653163B6}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{83EFEB8A-31B4-4552-9A2E-0C1653E5730D}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{F150D615-C8F0-420D-A06D-6A7A435B5425}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6B373B51-9CBF-4FFB-B8FE-09B4BEF54424}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3BE710EE-AF8B-4684-AD15-925C46C7E977}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{87EFB95C-DD68-4C46-B160-3B0DCBDA1B12}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F8A8CFD3-0872-4133-823F-CB82ED2819D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/30/2015 02:15:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18015 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1f70
 
Start Time: 01d0fbb437abf006
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (09/30/2015 06:46:20 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).
 
Error: (09/30/2015 06:46:17 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).
 
Error: (09/29/2015 04:34:16 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80042308).
 
Error: (09/29/2015 04:34:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042308).
 
Error: (09/29/2015 07:57:27 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 - 00000000000000C4,0x00560038,0000000000000000,0,0000000000319FD0,4096,[0]).
 
 
Operation:
   Processing PreFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/29/2015 07:55:57 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ATSTRACK)
Description: Application or service 'Java™ Update Checker' could not be shut down.
 
Error: (09/29/2015 07:02:26 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy9 - 0000000000000130,0x00560034,0000000000329FE0,0,0000000000328FD0,4096,[0]).
 
 
Operation:
   Processing PreFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/28/2015 08:28:01 AM) (Source: PerfNet) (EventID: 2002) (User: )
Description: 
 
Error: (09/28/2015 08:28:01 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
 
System errors:
=============
Error: (10/01/2015 06:34:02 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/01/2015 06:33:51 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "ATSTRACK       :1d" could not be registered on the interface with IP address 10.0.0.58.
The computer with the IP address 10.0.0.119 did not allow the name to be claimed by
this computer.
 
Error: (10/01/2015 06:33:36 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/01/2015 06:33:34 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/01/2015 06:33:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/30/2015 08:50:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/30/2015 02:14:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (09/30/2015 08:23:03 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (09/30/2015 08:23:03 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (09/30/2015 07:09:15 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
CodeIntegrity:
===================================
  Date: 2015-02-12 09:29:57.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-12 09:29:13.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 08:23:31.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 08:23:00.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 08:18:39.821
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 08:18:20.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 08:20:50.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 08:20:50.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 08:20:50.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 08:20:50.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 80%
Total physical RAM: 3887.43 MB
Available physical RAM: 741.59 MB
Total Virtual: 7773.06 MB
Available Virtual: 3016.16 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:280.79 GB) (Free:133.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 58EA323E)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 62 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
==================== End of Addition.txt ============================
 
Fixlog:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by kuechj (2015-10-01 06:50:35) Run:1
Running from C:\Users\kuechj\Desktop
Loaded Profiles: kuechj & adsemj &  (Available Profiles: chrisn & kuechj & adsemj & JP)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShortcutTarget: Dropbox.lnk -> C:\Users\kuechj\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1213\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1656\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213 -> {A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1213 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1656 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => not found
S3 SWVNIC; system32\DRIVERS\swvnic.sys [X]
C:\Users\JP\AppData\Local\Temp\MSN7E93.exe
Folder: C:\windows\system32\vefj
Folder: C:\windows\TEMPfolder
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
C:\Users\kuechj\AppData\Roaming\Dropbox\bin\Dropbox.exe => not found.
"HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1715567821-813497703-1801674531-1213\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1715567821-813497703-1801674531-1656\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1715567821-813497703-1801674531-1213\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631}" => key removed successfully
HKCR\CLSID\{A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} => key not found. 
"HKU\S-1-5-21-1715567821-813497703-1801674531-1213\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 
"HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631}" => key removed successfully
HKCR\CLSID\{A9CC9C3F-9C5C-4350-A5D6-A5E63E54D631} => key not found. 
"HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 
HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1121-{{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => key not found. 
HKU\S-1-5-21-1715567821-813497703-1801674531-1213\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1213-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-1715567821-813497703-1801674531-1656\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1715567821-813497703-1801674531-1656-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ocr@babylon.com => value removed successfully
SWVNIC => service removed successfully
C:\Users\JP\AppData\Local\Temp\MSN7E93.exe => moved successfully
 
========================= Folder: C:\windows\system32\vefj ========================
 
2015-09-22 11:16 - 2015-09-24 10:47 - 0000000 ____D () C:\windows\system32\vefj\lhjo
 
====== End of Folder: ======
 
 
========================= Folder: C:\windows\TEMPfolder ========================
 
 
====== End of Folder: ======
 
 
 
The system needed a reboot.. 
 
==== End of Fixlog 06:53:07 ====
 
Search log:
 
Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by kuechj (2015-10-01 07:04:22)
Running from C:\Users\kuechj\Desktop
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2011-04-15 14:41][2011-03-03 00:12] 0270336 ____A (Microsoft Corporation) 1F79F611109C2B97260B68FD6B4FC7DD [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2011-04-15 14:41][2011-03-03 00:38] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2014-12-16 10:12][2010-11-20 07:18] 0270336 ____A (Microsoft Corporation) 59DF156711A76BCB993253EC6C9BBF41 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_49006e49e950e0ac\dnsapi.dll
[2011-04-15 14:41][2011-03-03 00:50] 0270336 ____A (Microsoft Corporation) 11DD7EB4446F25C132D0D8527DDCAF4D [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_4833ef7cd065b8b3\dnsapi.dll
[2011-04-15 14:41][2011-03-03 00:29] 0269824 ____A (Microsoft Corporation) 62390F4ACE9E2B63E3CA26B7F7497897 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_482c18d6d06b2c0d\dnsapi.dll
[2009-07-13 18:12][2009-07-13 20:15] 0269824 ____A (Microsoft Corporation) 6D5A49D6479EB753C7879F73A4C35E0F [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2011-04-15 14:41][2011-03-03 01:12] 0357888 ____A (Microsoft Corporation) DCC0888655823103F19EF8FFD330080D [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2011-04-15 14:41][2011-03-03 01:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2014-12-16 10:13][2010-11-20 08:26] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsapi.dll
[2011-04-15 14:41][2011-03-03 01:23] 0356864 ____A (Microsoft Corporation) B538E393F7FD85A054106FF21A4240EA [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsapi.dll
[2011-04-15 14:41][2011-03-03 01:17] 0356352 ____A (Microsoft Corporation) E247E7DEB20C0CF0801A8AC39E9CE1DF [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsapi.dll
[2009-07-13 18:21][2009-07-13 20:40] 0356352 ____A (Microsoft Corporation) 05A2D26ACF0939A4E97160315F1FA12E [File is digitally signed]
 
C:\Windows\SysWOW64\dnsapi.dll
[2011-04-15 14:41][2015-09-22 11:16] 0270336 ____A (Microsoft Corporation) EB9D6583A90D56D3E99D77445FA54266 [File not signed]
 
C:\Windows\System32\dnsapi.dll
[2011-04-15 14:41][2015-09-22 11:16] 0357888 ____A (Microsoft Corporation) 2D128B91D26ECC77D85C228768A26945 [File not signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 05:30][2015-07-10 05:30] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\dnsapi.dll
[2015-07-10 05:30][2015-07-10 05:30] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]
 
====== End of Search ======


#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,138 posts
  • Gender:Male
  • Location:California

Posted 01 October 2015 - 09:01 AM

Good morning!

Thanks for the additional information.

You should be able to locate the log in the C:\AdwCleaner folder.

Please do this and after I return in a few hours I will review what you have posted.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Task: {0C6DA44D-4D99-4B44-9CC8-191608867FC3} - System32\Tasks\{F5C7244D-E10F-4805-84DF-54AD33B85685} => pcalua.exe -a C:\Users\adsemj\Desktop\setup.exe -d C:\Users\adsemj\Desktop
Task: {49C2441B-14F9-43E3-A278-9BA0F05D934B} - System32\Tasks\{D601B846-BE08-444D-82DC-DAC71C16A99B} => pcalua.exe -a "C:\Users\adsemj\Desktop\Promo Items\atsfixesfor collarsv11_1\setup.exe" -d "C:\Users\adsemj\Desktop\Promo Items\atsfixesfor collarsv11_1"
Task: {907D96B1-97D8-4975-9CC2-4759EFEE7BE3} - System32\Tasks\UpdaterEX => C:\Users\adsemj\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\adsemj\AppData\Roaming\UPDATE~1
Task: {E398C575-3871-44E1-94B8-CD178EF61042} - System32\Tasks\{7A9757A3-4533-417A-9F17-1F7E11E4D378} => pcalua.exe -a "C:\Users\adsemj\AppData\Local\Temp\Temp1_ATSFixes for Satellite Collars 14.zip\setup.exe"
C:\Users\adsemj\AppData\Local\Temp\Temp1_ATSFixes for Satellite Collars 14.zip
Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\adsemj\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\windows\TEMPfolder
cmd: copy /y C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
cmd: copy /y C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll C:\Windows\System32\dnsapi.dll
hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:dir
C:\windows\system32\vefj\lhjo /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Fixlog
  • SystemLook log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
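The fix above copies signed dnsapi.dll files out of the WinSxS store over the two live copies, which the search log posted earlier shows as unsigned and last modified on 2015-09-22 (the same timestamp as the vefj folder found by the first fix). As an added example, not part of this thread and not code from FRST or its author, here is a small Python checker that parses FRST's "Search Files" output and flags live System32/SysWOW64 copies that are unsigned or whose MD5 matches no signed WinSxS copy, listing signed WinSxS copies of the same architecture and size as candidate known-good references. The sample log is constructed from records taken from the search log posted above; the function and variable names are my own.

```python
import re

# Constructed sample in the layout of FRST's "Search Files" log. The paths,
# sizes and MD5s are copied from the search log posted in this thread.
SAMPLE_LOG = r"""
================== Search Files: "dnsapi.dll" =============

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2014-12-16 10:12][2010-11-20 07:18] 0270336 ____A (Microsoft Corporation) 59DF156711A76BCB993253EC6C9BBF41 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2014-12-16 10:13][2010-11-20 08:26] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01 [File is digitally signed]

C:\Windows\SysWOW64\dnsapi.dll
[2011-04-15 14:41][2015-09-22 11:16] 0270336 ____A (Microsoft Corporation) EB9D6583A90D56D3E99D77445FA54266 [File not signed]

C:\Windows\System32\dnsapi.dll
[2011-04-15 14:41][2015-09-22 11:16] 0357888 ____A (Microsoft Corporation) 2D128B91D26ECC77D85C228768A26945 [File not signed]

====== End of Search ======
"""

# Detail line: [created][modified] size attrs (company) MD5 [signature status]
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]$"
)

# Live locations whose copies are actually loaded, mapped to the WinSxS
# architecture tag that holds the matching reference copy (assumed layout for x64 Windows 7).
LIVE_DIRS = {r"c:\windows\system32": "amd64", r"c:\windows\syswow64": "wow64"}


def parse_search_log(text):
    """Return one dict per file record: a path line followed by its detail line."""
    records = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i, line in enumerate(lines[:-1]):
        if not re.match(r"^[A-Za-z]:\\", line):
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if not m:
            continue
        rec = m.groupdict()
        rec["path"] = line
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        rec["signed"] = rec["sig"] == "File is digitally signed"
        records.append(rec)
    return records


def arch_of_winsxs(path):
    """Architecture tag from a WinSxS component folder name, or None if not in WinSxS."""
    m = re.search(r"\\winsxs\\(amd64|wow64|x86)_", path, re.IGNORECASE)
    return m.group(1).lower() if m else None


def find_tampered(records):
    """Flag live copies that are unsigned or match no signed WinSxS hash.

    Returns a list of (path, reason, candidates); candidates are signed WinSxS
    copies of the same architecture and size that could serve as a reference.
    """
    store = [r for r in records if arch_of_winsxs(r["path"])]
    signed_hashes = {r["md5"] for r in store if r["signed"]}
    findings = []
    for r in records:
        folder = r["path"].rsplit("\\", 1)[0].lower()
        arch = LIVE_DIRS.get(folder)
        if arch is None:
            continue
        reasons = []
        if not r["signed"]:
            reasons.append("unsigned")
        if r["md5"] not in signed_hashes:
            reasons.append("hash matches no signed WinSxS copy")
        if reasons:
            candidates = [s["path"] for s in store
                          if s["signed"] and arch_of_winsxs(s["path"]) == arch
                          and s["size"] == r["size"]]
            findings.append((r["path"], "; ".join(reasons), candidates))
    return findings


if __name__ == "__main__":
    for path, reason, candidates in find_tampered(parse_search_log(SAMPLE_LOG)):
        print(f"{path}: {reason} (modified {dict((r['path'], r['modified']) for r in parse_search_log(SAMPLE_LOG))[path]})")
        for c in candidates:
            print(f"    candidate reference: {c}")
```

Size and architecture only narrow the list of reference copies; which WinSxS version actually belongs on the box depends on the installed servicing level, and that choice was made by hand in the fix above. The unsigned status combined with a modification date that matches other suspicious artifacts is the signal worth acting on, since a modified DNS client library explains browser redirects that survive a hosts-file reset.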

#5 JP_Smith
  • Topic Starter

  • Members
  • 9 posts

Posted 01 October 2015 - 10:03 AM

Gary,

 

Performance is still the same.  If you try to surf the web, you get a Malwarebytes warning that it's blocking istatic.eshopcomp.com, and eventually the browser will redirect to a popup you can't browse away from, locking the browser.

 

There is no C:\AdwCleaner folder.

 

The new Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:30-09-2015

Ran by kuechj (2015-10-01 09:37:45) Run:2
Running from C:\Users\kuechj\Desktop
Loaded Profiles: kuechj (Available Profiles: chrisn & kuechj & adsemj & JP)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {0C6DA44D-4D99-4B44-9CC8-191608867FC3} - System32\Tasks\{F5C7244D-E10F-4805-84DF-54AD33B85685} => pcalua.exe -a C:\Users\adsemj\Desktop\setup.exe -d C:\Users\adsemj\Desktop
Task: {49C2441B-14F9-43E3-A278-9BA0F05D934B} - System32\Tasks\{D601B846-BE08-444D-82DC-DAC71C16A99B} => pcalua.exe -a "C:\Users\adsemj\Desktop\Promo Items\atsfixesfor collarsv11_1\setup.exe" -d "C:\Users\adsemj\Desktop\Promo Items\atsfixesfor collarsv11_1"
Task: {907D96B1-97D8-4975-9CC2-4759EFEE7BE3} - System32\Tasks\UpdaterEX => C:\Users\adsemj\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\adsemj\AppData\Roaming\UPDATE~1
Task: {E398C575-3871-44E1-94B8-CD178EF61042} - System32\Tasks\{7A9757A3-4533-417A-9F17-1F7E11E4D378} => pcalua.exe -a "C:\Users\adsemj\AppData\Local\Temp\Temp1_ATSFixes for Satellite Collars 14.zip\setup.exe"
C:\Users\adsemj\AppData\Local\Temp\Temp1_ATSFixes for Satellite Collars 14.zip
Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\adsemj\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\windows\TEMPfolder
cmd: copy /y C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
cmd: copy /y C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll C:\Windows\System32\dnsapi.dll
hosts:
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C6DA44D-4D99-4B44-9CC8-191608867FC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C6DA44D-4D99-4B44-9CC8-191608867FC3}" => key removed successfully
C:\windows\System32\Tasks\{F5C7244D-E10F-4805-84DF-54AD33B85685} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F5C7244D-E10F-4805-84DF-54AD33B85685}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49C2441B-14F9-43E3-A278-9BA0F05D934B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49C2441B-14F9-43E3-A278-9BA0F05D934B}" => key removed successfully
C:\windows\System32\Tasks\{D601B846-BE08-444D-82DC-DAC71C16A99B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D601B846-BE08-444D-82DC-DAC71C16A99B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{907D96B1-97D8-4975-9CC2-4759EFEE7BE3} => key not found. 
C:\windows\System32\Tasks\UpdaterEX => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => key not found. 
"C:\Users\adsemj\AppData\Roaming\UPDATE~1" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E398C575-3871-44E1-94B8-CD178EF61042}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E398C575-3871-44E1-94B8-CD178EF61042}" => key removed successfully
C:\windows\System32\Tasks\{7A9757A3-4533-417A-9F17-1F7E11E4D378} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A9757A3-4533-417A-9F17-1F7E11E4D378}" => key removed successfully
"C:\Users\adsemj\AppData\Local\Temp\Temp1_ATSFixes for Satellite Collars 14.zip" => File/Folder not found.
C:\windows\Tasks\UpdaterEX.job => not found.
C:\windows\TEMPfolder => moved successfully
 
=========  copy /y C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll =========
 
The process cannot access the file because it is being used by another process.
        0 file(s) copied.
 
========= End of CMD: =========
 
 
=========  copy /y C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll C:\Windows\System32\dnsapi.dll =========
 
The process cannot access the file because it is being used by another process.
        0 file(s) copied.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
==== End of Fixlog 09:37:47 ====

SystemLook file:
 
 
 
SystemLook 30.07.11 by jpshortstuff
 
Log created at 09:39 on 01/10/2015 by kuechj
 
(Limited User)
 
 
 
========== dir ==========
 
 
 
C:\windows\system32\vefj\lhjo - Parameters: "/s"
 
 
 
---Files---
 
None found.
 
 
 
No folders found.
 
 
 
-= EOF =-


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • Gender:Male
  • Location:California

Posted 01 October 2015 - 01:47 PM

Thank you.

Please rerun AdwCleaner and see if you get a log.

Not everything we wanted done got done.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CloseProcesses:
C:\windows\system32\vefj
cmd: copy /y C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
cmd: copy /y C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll C:\Windows\System32\dnsapi.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Fixlist
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 JP_Smith

JP_Smith
  • Topic Starter

  • Members
  • 9 posts

Posted 02 October 2015 - 01:55 PM

Gary,

 

The computer performance is still the same... The browsers redirect.

 

I'm still not getting a log from AdwCleaner.  When I click on the Log button I get:

 

Z:\AdwCleaner\AdwareCleaner[S4].txt

The system cannot find the drive specified.

 

Do I need to install it differently somehow?  I put it on the desktop like you said.  

 

Also, I won't have access to this computer again until Monday.  So I won't be able to get back to you on it until then if that's OK.

 

Thanks much!!

 

Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:30-09-2015

Ran by kuechj (2015-10-02 13:34:45) Run:3
Running from C:\Users\kuechj\Desktop
Loaded Profiles: kuechj (Available Profiles: chrisn & kuechj & adsemj & JP)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
C:\windows\system32\vefj
cmd: copy /y C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
cmd: copy /y C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll C:\Windows\System32\dnsapi.dll
*****************
 
Processes closed successfully.
C:\windows\system32\vefj => moved successfully
 
=========  copy /y C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll =========
 
The process cannot access the file because it is being used by another process.
        0 file(s) copied.
 
========= End of CMD: =========
 
 
=========  copy /y C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll C:\Windows\System32\dnsapi.dll =========
 
The process cannot access the file because it is being used by another process.
        0 file(s) copied.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.. 
 
==== End of Fixlog 13:34:49 ====


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • Gender:Male
  • Location:California

Posted 02 October 2015 - 02:41 PM

Thanks,

We are still not getting the results we want. There are 2 malicious files we are trying to replace. The existing files are resisting our attempts to overwrite them so we need to attempt to accomplish it in the Recovery Environment which allows us to manipulate files prior to Windows (and the files) being launched.

No problem with the delay but when you get a chance please do the following.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive.
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
cmd: copy /y C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
cmd: copy /y C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll C:\Windows\System32\dnsapi.dll
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flashdrive into the infected PC and follow the 2 step process below. Step #1 is to boot into the System Recovery Options and Step #2 is running Farbar's Recovery Scan Tool
----------

Step #1 - Entering System Recovery Options

Option #1 (Windows7/Vista)

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #2 (Windows 7/Vista)

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
----------

Step #2 - Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.
  • Reboot your computer into Normal Mode and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
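A defender-side check, added here and not part of Gary's instructions or of FRST, that does by script what the fixlist above does by hand: it compares the live dnsapi.dll in System32 and SysWOW64 against the copies held in the WinSxS component store and reports their Authenticode status, so a replaced system DLL can be spotted before any restore is attempted. It assumes Windows 7 x64, PowerShell 4 or later (for Get-FileHash) and an elevated console; the component folder name pattern is the one visible in the fixlist.

```powershell
# Added example: verify that the live dnsapi.dll copies match a component-store
# (WinSxS) copy and report their Authenticode status. Not part of the helper's
# fixlist or of FRST. Assumes Windows 7 x64, PowerShell 4+ (Get-FileHash) and an
# elevated prompt; WinSxS folder names follow the pattern seen in the fixlist.

function Test-DnsApiIntegrity {
    [CmdletBinding()]
    param(
        # Point this at another Windows directory to check an offline image instead.
        [string]$WindowsDir = $env:windir
    )

    # Live file -> architecture prefix used by the matching WinSxS component folder.
    $targets = @(
        @{ Live = Join-Path $WindowsDir 'System32\dnsapi.dll'; Arch = 'amd64' },
        @{ Live = Join-Path $WindowsDir 'SysWOW64\dnsapi.dll'; Arch = 'wow64' }
    )

    foreach ($t in $targets) {
        # Several versions of the component can sit side by side after updates;
        # collect every store copy so a freshly patched DLL is not flagged by mistake.
        $storeCopies = @(Get-ChildItem -Path (Join-Path $WindowsDir 'winsxs') -Directory `
                -Filter "$($t.Arch)_microsoft-windows-dns-client_*" -ErrorAction SilentlyContinue |
            ForEach-Object { Join-Path $_.FullName 'dnsapi.dll' } |
            Where-Object { Test-Path $_ })

        if (-not (Test-Path $t.Live) -or $storeCopies.Count -eq 0) {
            [PSCustomObject]@{
                File    = $t.Live
                Verdict = 'UNKNOWN'
                Reason  = 'live file or component-store copy missing'
            }
            continue
        }

        # Hashing only reads the file, which works even while the DLL is loaded in
        # every process; that is the situation that made the in-Windows copy /y fail.
        $liveHash    = (Get-FileHash -Algorithm SHA256 -Path $t.Live).Hash
        $storeHashes = foreach ($p in $storeCopies) { (Get-FileHash -Algorithm SHA256 -Path $p).Hash }
        $inStore     = $storeHashes -contains $liveHash
        $verdict     = if ($inStore) { 'MATCHES STORE' } else { 'SUSPECT: no matching WinSxS copy' }

        # OS binaries are catalog-signed; older PowerShell builds may report NotSigned
        # for them, so the signature is context and the hash comparison is the verdict.
        $sig    = Get-AuthenticodeSignature -FilePath $t.Live
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        [PSCustomObject]@{
            File        = $t.Live
            Verdict     = $verdict
            Signature   = $sig.Status
            Signer      = $signer
            LiveSHA256  = $liveHash
            StoreCopies = $storeCopies.Count
        }
    }
}

# Show the result as a table; a SUSPECT entry is the case that needs the offline
# (Recovery Environment) restore described in the post above.
Test-DnsApiIntegrity | Format-Table -AutoSize
```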

#9 JP_Smith

JP_Smith
  • Topic Starter

  • Members
  • 9 posts

Posted 05 October 2015 - 08:08 AM

Hi Gary,

 

I hope you had a good weekend.

 

The computer is still the same...  Browser redirect.

 

Here's the fix log.txt file:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015

Ran by SYSTEM (2015-10-05 08:01:37) Run:4
Running from I:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
cmd: copy /y C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
cmd: copy /y C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll C:\Windows\System32\dnsapi.dll
*****************
 
 
=========  copy /y C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll =========
 
        1 file(s) copied.
 
========= End of CMD: =========
 
 
=========  copy /y C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll C:\Windows\System32\dnsapi.dll =========
 
        1 file(s) copied.
 
========= End of CMD: =========
 
 
==== End of Fixlog 08:01:37 ====


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • Gender:Male
  • Location:California

Posted 05 October 2015 - 11:46 AM

Greetings,

Yes I did thanks, and I hope it was the same for you too.

Please do these things for me.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If after disabling Combofix warns you an Antivirus program is still running ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Copy and paste the following into the main box

createsrpoint;
autoclean;

  • Verify Scan All Users is selected then click Run Script
  • Do not use your computer while the scan is running
  • Copy and paste C:\zoek-results.txt in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • Zoek log
  • MiniToolBox report
  • Update on browser performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 JP_Smith

JP_Smith
  • Topic Starter

  • Members
  • 9 posts

Posted 07 October 2015 - 07:28 AM

Gary,

 

It seems to be fixed.  The browser doesn't redirect and lock anymore.  I ran the stuff you said to run and the browser hasn't redirected since.  I only say seems because on the first load of the browser Malwarebytes flashed that "website blocked istatic.eshopcomp.com" warning once, but after that I never got a redirect and I never saw that warning from Malwarebytes again.

 

I had trouble with the Zoek log.  It gave me a path error and an empty notepad, so it's not included.  Here are the other two logs.

 

ComboFix.txt:

 

ComboFix 15-10-06.01 - kuechj 10/06/2015   7:01.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3887.2214 [GMT -5:00]
Running from: c:\users\kuechj\Desktop\ComboFix.exe
AV: Kaspersky Endpoint Security 10 for Windows *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Endpoint Security 10 for Windows *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Endpoint Security 10 for Windows *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\adsemj\AppData\Roaming\Config
c:\users\chrisn\AppData\Roaming\Config
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-06 to 2015-10-06  )))))))))))))))))))))))))))))))
.
.
2015-10-06 12:09 . 2015-10-06 12:09 -------- d-----w- c:\users\JP\AppData\Local\temp
2015-10-06 11:50 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDDDE447-126C-4ECA-9B5D-50767C9185D0}\mpengine.dll
2015-10-02 13:13 . 2015-10-02 13:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-09-30 11:37 . 2015-10-05 16:01 -------- d-----w- C:\FRST
2015-09-29 12:58 . 2015-10-02 13:14 -------- d-----w- c:\programdata\Oracle
2015-09-29 12:57 . 2015-10-02 13:13 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-09-29 12:57 . 2015-10-02 13:14 -------- d-----w- c:\program files (x86)\Java
2015-09-29 12:35 . 2015-09-29 12:35 -------- d-----w- c:\users\kuechj\AppData\Local\Apps
2015-09-28 16:15 . 2015-09-28 16:15 -------- d-----w- c:\programdata\Intel
2015-09-24 14:55 . 2015-10-06 11:43 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-24 14:54 . 2015-09-24 14:54 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-09-24 14:54 . 2015-09-24 14:54 -------- d-----w- c:\programdata\Malwarebytes
2015-09-24 14:54 . 2015-06-18 13:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-09-24 14:54 . 2015-06-18 13:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-24 14:54 . 2015-06-18 13:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-23 20:01 . 2015-08-05 17:56 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-09-09 13:17 . 2015-08-15 06:18 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-09-09 13:15 . 2015-06-25 10:06 115136 ----a-w- c:\windows\system32\consent.exe
2015-09-09 13:14 . 2015-08-04 16:58 61440 ----a-w- c:\windows\system32\drivers\appid.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-04 14:31 . 2015-09-04 14:31 1804688 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2015-09-04 14:31 . 2015-09-04 14:31 96536 ----a-w- c:\windows\system32\drivers\dc3d.sys
2015-08-26 23:37 . 2011-02-09 15:16 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-07-30 18:06 . 2015-08-12 13:27 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-12 13:27 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-12 13:27 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-12 13:27 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-12 13:27 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 20:53 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-12 20:53 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:09 . 2015-08-10 21:08 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-10 21:08 774656 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-10 21:08 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-10 21:08 437760 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-10 21:08 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-10 21:08 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-10 21:08 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-10 21:08 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-22 17:53 . 2015-09-09 13:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-16 19:12 . 2015-08-12 13:28 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12 . 2015-08-12 13:28 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-16 19:12 . 2015-08-12 13:28 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-16 19:11 . 2015-08-12 13:28 62976 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-16 19:11 . 2015-08-12 13:28 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-16 19:11 . 2015-08-12 13:28 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-07-15 18:15 . 2015-08-12 13:28 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 18:10 . 2015-08-12 13:28 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 18:10 . 2015-08-12 13:28 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 03:19 . 2015-08-12 13:28 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-07-11 13:15 . 2015-08-12 13:28 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-07-10 17:51 . 2015-08-12 13:27 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-07-09 17:57 . 2015-08-12 13:27 193536 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 17:57 . 2015-08-12 13:27 193536 ----a-w- c:\windows\notepad.exe
2015-07-09 17:42 . 2015-08-12 13:27 179712 ----a-w- c:\windows\SysWow64\notepad.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe" [2013-01-20 729744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-09 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
R2 wgsslvpnsrc;WatchGuard SSLVPN Service;c:\program files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe;c:\program files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19Hx64.sys;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64.sys [x]
R3 USA19HP;USA19HP;c:\windows\system32\DRIVERS\USA19Hx64p.SYS;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64p.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys;c:\windows\SYSNATIVE\DRIVERS\klfltdev.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe;c:\windows\SYSNATIVE\lxducoms.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-25 18:18 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-05 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1715567821-813497703-1801674531-1656Core.job
- c:\users\adsemj\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 13:15]
.
2015-10-06 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1715567821-813497703-1801674531-1656UA.job
- c:\users\adsemj\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 13:15]
.
2015-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 13:05]
.
2015-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 13:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://companyweb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 10.0.0.10
DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} - hxxp://test.player.portalarium.com/installers/win32/PortalariumPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-TotalPhase - c:\windows\system32\TPUSBUninstaller.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-06  07:13:07
ComboFix-quarantined-files.txt  2015-10-06 12:13
.
Pre-Run: 159,711,100,928 bytes free
Post-Run: 166,906,003,456 bytes free
.
- - End Of File - - 4B13F6F3A5F3D557A7B6AB0D6000C9C5
A36C5E4F47E84449FF07ED3517B43A31
 
MTB.txt:
 
MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by kuechj (administrator) on 06-10-2015 at 07:36:53
Running from "C:\Users\kuechj\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: HP ProBook 6550b Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
========================= IP Configuration: ================================
 
Intel® 82577LC Gigabit Network Connection = Local Area Connection (Connected)
Broadcom 43224AG 802.11a/b/g/draft-n Wi-Fi Adapter = Wireless Network Connection (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : VALKOR
   Primary Dns Suffix  . . . . . . . : atstrack.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : atstrack.local
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-A7-08-24-7C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hitronhub.home
   Description . . . . . . . . . . . : Broadcom 43224AG 802.11a/b/g/draft-n Wi-Fi Adapter
   Physical Address. . . . . . . . . : 00-26-82-F0-03-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : atstrack.local
   Description . . . . . . . . . . . : Intel® 82577LC Gigabit Network Connection
   Physical Address. . . . . . . . . : 64-31-50-72-F5-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c8b3:bca4:2792:1e48%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.58(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, October 06, 2015 6:42:24 AM
   Lease Expires . . . . . . . . . . : Wednesday, October 14, 2015 7:11:56 AM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.10
   DHCPv6 IAID . . . . . . . . . . . : 191115600
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-A0-D6-63-64-31-50-72-F5-6B
   DNS Servers . . . . . . . . . . . : 10.0.0.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  ats10.atstrack.local
Address:  10.0.0.10
 
Name:    google.com
Addresses:  2607:f8b0:4001:c07::66
 24.220.112.91
 24.220.112.117
 24.220.112.84
 24.220.112.110
 24.220.112.112
 24.220.112.99
 24.220.112.95
 24.220.112.121
 24.220.112.90
 24.220.112.88
 24.220.112.101
 24.220.112.80
 24.220.112.102
 24.220.112.123
 24.220.112.113
 24.220.112.106
 
 
Pinging google.com [24.220.112.91] with 32 bytes of data:
Reply from 24.220.112.91: bytes=32 time=16ms TTL=58
Reply from 24.220.112.91: bytes=32 time=16ms TTL=58
 
Ping statistics for 24.220.112.91:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 16ms, Average = 16ms
Server:  ats10.atstrack.local
Address:  10.0.0.10
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=80ms TTL=48
Reply from 98.139.183.24: bytes=32 time=90ms TTL=48
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 80ms, Maximum = 90ms, Average = 85ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...00 ff a7 08 24 7c ......TAP-Win32 Adapter V9
 11...00 26 82 f0 03 4c ......Broadcom 43224AG 802.11a/b/g/draft-n Wi-Fi Adapter
 10...64 31 50 72 f5 6b ......Intel® 82577LC Gigabit Network Connection
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.58     11
         10.0.0.0    255.255.255.0         On-link         10.0.0.58    266
        10.0.0.58  255.255.255.255         On-link         10.0.0.58    266
       10.0.0.255  255.255.255.255         On-link         10.0.0.58    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.58    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.58    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    266 fe80::/64                On-link
 10    266 fe80::c8b3:bca4:2792:1e48/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 Z:\Windows\System32\NLAapi.dll [File Not found] ()
x64-Catalog5 02 Z:\Windows\System32\napinsp.dll [File Not found] ()
x64-Catalog5 03 Z:\Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 04 Z:\Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 Z:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog5 08 Z:\Windows\System32\winrnr.dll [File Not found] ()
x64-Catalog9 01 Z:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 02 Z:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 03 Z:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 04 Z:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 05 Z:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 06 Z:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 07 Z:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 08 Z:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 09 Z:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 10 Z:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 11 Z:\Windows\System32\mswsock.dll [File Not found] ()
 
**** End of log ****


#12 Oh My!

  • Malware Response Instructor

Posted 07 October 2015 - 11:17 AM

Very good.

Let's monitor it a bit and in the meantime do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

  • Malware Response Instructor

Posted 11 October 2015 - 08:35 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#14 JP_Smith

  • Topic Starter

Posted 13 October 2015 - 07:36 AM

Sorry... Things have been working fine with the computer. I haven't run those checks you asked for because they were lagging the machine too badly. What I think I'm going to end up doing is monitoring it going forward and then, if there is another problem, just wiping the machine.



#15 Oh My!

  • Malware Response Instructor

Posted 13 October 2015 - 08:53 AM

Very good. Do you have any other questions or concerns?
Gary
 
