
IE feels like it has been hijacked...



#1 moestroz14


Posted 23 June 2016 - 01:52 PM

IE feels like it has been hijacked....

The home address is www.msn.com, which it can reach...

but then from there Internet Explorer takes a long time to go to another site or will give a message that it has to recover the webpage.

Feels like something has changed recently.

I ran the two logs and am attaching them to the case.

Thanks for your assistance.

moestroz14



#2 moestroz14


Posted 23 June 2016 - 04:14 PM

Here is the FRST.TXT log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2016 01
Ran by rick (administrator) on GX780-C0SBDQ1 (23-06-2016 11:46:38)
Running from C:\Users\rick\Desktop
Loaded Profiles: rick (Available Profiles: admin & rick & lynn & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nuance Communications, Inc.) C:\Program Files\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\Xerox\PanelMgr\SSMMgr.exe
() C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe
(Nuance Communications, Inc.) C:\Program Files\Xerox Scan To PC Desktop 12\PaperPort 14\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Xerox Scan To PC Desktop 12\OmniPage 18\omnipage.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Nuance Communications, Inc.) C:\Program Files\Xerox Scan To PC Desktop 12\PDF Viewer 7\PdfPro7Hook.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Business Technical Consulting) C:\Program Files\VizManager\VizManager.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\BusinessMessaging.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Gadwin Systems, Inc) C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\MSOFFICE.EXE
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.2.8.559\AsusWSPanel.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\ASUS\WebStorage\2.2.8.559\AsusWSService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.223.2397.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Xerox PanelMgr] => C:\Windows\Xerox\PanelMgr\SSMMgr.exe [626688 2010-01-26] ()
HKLM\...\Run: [Stanley-H_XRX_S2P] => C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe [253952 2010-01-26] ()
HKLM\...\Run: [IndexSearch] => C:\Program Files\Xerox Scan To PC Desktop 12\PaperPort 14\IndexSearch.exe [51616 2013-02-26] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Xerox Scan To PC Desktop 12\PaperPort 14\pptd40nt.exe [39328 2013-02-26] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort14reminder] => "C:\Program Files\Xerox Scan To PC Desktop 12\PaperPort 14\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
HKLM\...\Run: [ISUSPM] => "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
HKLM\...\Run: [OmniPage Preload] => C:\Program Files\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage.exe [1460736 2013-03-01] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFProHook] => C:\Program Files\Xerox Scan To PC Desktop 12\PDF Viewer 7\pdfpro7hook.exe [641424 2012-11-05] (Nuance Communications, Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.2.8.559\ASUSWSLoader.exe [62944 2016-05-04] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Run: [VizManager] => C:\Program Files\VizManager\VizManager.exe [241664 2015-08-07] (Business Technical Consulting)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKU\S-1-5-21-758252316-122362781-1648912389-1146\...\Run: [VizManager] => [X]
HKU\S-1-5-21-758252316-122362781-1648912389-1146\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-28] (Google Inc.)
HKU\S-1-5-21-758252316-122362781-1648912389-1146\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-758252316-122362781-1648912389-1146\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-758252316-122362781-1648912389-1146\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-758252316-122362781-1648912389-1146\...\Run: [Gadwin PrintScreen] => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-758252316-122362781-1648912389-1146\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_242_Plugin.exe -update plugin
HKU\S-1-5-21-758252316-122362781-1648912389-1146\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.2.8.559\ASUSWSShellExt.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.2.8.559\ASUSWSShellExt.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.2.8.559\ASUSWSShellExt.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-05-09]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 151.106.100.47 151.106.100.46
Tcpip\..\Interfaces\{A0BA5C0D-B282-4E43-88A6-E17B4612E5AF}: [DhcpNameServer] 151.106.100.47 151.106.100.46

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-758252316-122362781-1648912389-1146\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {880906F8-FCAD-4FE2-B327-56FF462A53B3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {880906F8-FCAD-4FE2-B327-56FF462A53B3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-758252316-122362781-1648912389-1146 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-758252316-122362781-1648912389-1146 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Xerox Scan To PC Desktop 12\PDF Viewer 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-09] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20160408154259.dll [2016-04-08] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-09] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-758252316-122362781-1648912389-1146 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} hxxp://duneside.viewnetcam.com/SysCamInst.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {36299202-09EF-4ABF-1337-47C599DBE7A6} hxxp://www.biddingtraveler.com/binary/autobid-v39.cab
DPF: {79EDAEA5-7BF5-11D3-9D68-00C04F962ACC} hxxp://adc-ezismp3.whirlpool.com/clientreg/WCDCAB.CAB
DPF: {81C509A4-A101-11D4-9D69-00C04F962ACC} hxxp://adc-ezismp3.whirlpool.com/clientreg/CRegistration.CAB
DPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} hxxp://rsc5:8080/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {C05FE3D5-CD6A-4FBA-BBD5-54E3BDE35F07} hxxp://rsc01:8080/BOE/portal/1510021328/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab
DPF: {C0A870C3-66BB-4106-9A25-60A26F3C1DA8} hxxp://rsc01:8080/BOE/portal/1510021328/CrystalReports/crystalreportviewers/ActiveXControls/ActiveXViewer.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://sap.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2011-02-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\bln2z5u0.default-1410804017423
FF Homepage: hxxp://www.msn.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-18] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-04] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [No File]
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Xerox Scan To PC Desktop 12\PDF Viewer 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore [2016-06-23] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-10] (Dropbox, Inc.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-04-12] (Macrovision Europe Ltd.) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [220784 2016-04-08] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [208936 2015-08-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [242408 2016-04-08] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe [220488 2013-02-26] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-10-28] (Samsung Electronics Co., Ltd.) [File not signed]
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-10-03] (Hewlett Packard)
S3 HPFXFAX; C:\Windows\System32\drivers\hppcfaxio.sys [21528 2010-12-14] (Hewlett Packard)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [315576 2016-04-08] (McAfee, Inc.)
R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [59584 2016-04-08] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [116104 2011-04-12] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [269872 2016-04-08] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [79992 2016-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [380504 2016-04-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [658528 2016-04-08] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [61736 2016-04-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100632 2016-04-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [223520 2016-04-08] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-10-27] (Samsung Electronics) [File not signed]
U3 mfeavfk01; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-23 11:46 - 2016-06-23 11:47 - 00025111 _____ C:\Users\rick\Desktop\FRST.txt
2016-06-23 11:46 - 2016-06-23 11:46 - 00000000 ____D C:\FRST
2016-06-23 11:45 - 2016-06-23 11:41 - 01738240 _____ (Farbar) C:\Users\rick\Desktop\FRST.exe
2016-06-22 07:54 - 2016-06-22 07:54 - 00064000 _____ C:\Users\rick\Desktop\History of missing DHIN 10 wire.xls
2016-06-21 12:14 - 2016-06-21 12:14 - 02077392 _____ (Microsoft Corporation) C:\Users\rick\Downloads\IE11-Windows6.1(1).exe
2016-06-21 12:13 - 2016-06-21 12:13 - 02077392 _____ (Microsoft Corporation) C:\Users\rick\Downloads\IE11-Windows6.1.exe
2016-06-17 18:56 - 2016-06-21 10:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-06-17 12:06 - 2016-06-17 12:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2016-06-15 17:07 - 2016-06-15 17:07 - 00097475 ____N C:\Users\rick\Desktop\Survey response.pdf
2016-06-15 15:39 - 2016-06-15 16:15 - 00031232 _____ C:\Users\rick\Desktop\HydroGear Wire Expenses.xls
2016-06-14 19:48 - 2016-05-11 10:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 19:48 - 2016-04-09 01:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-14 19:48 - 2016-04-09 01:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-14 19:48 - 2016-04-09 00:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-14 19:47 - 2016-06-06 10:26 - 00037096 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-14 19:47 - 2016-06-06 10:23 - 01001472 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-14 19:47 - 2016-06-03 08:04 - 01225216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-14 19:47 - 2016-05-27 08:05 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-14 19:47 - 2016-05-27 08:05 - 00461824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-14 19:47 - 2016-05-27 08:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-14 19:47 - 2016-05-27 08:05 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-14 19:47 - 2016-05-22 08:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-14 19:47 - 2016-05-13 16:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 19:47 - 2016-05-13 16:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-14 19:47 - 2016-05-13 16:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-14 19:47 - 2016-05-13 16:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-14 19:47 - 2016-05-13 16:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 19:47 - 2016-05-12 10:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 19:47 - 2016-05-12 10:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-14 19:47 - 2016-05-12 10:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 19:47 - 2016-05-12 10:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 19:47 - 2016-05-12 10:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-14 19:47 - 2016-05-12 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-14 19:47 - 2016-05-12 09:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-14 19:47 - 2016-05-12 09:52 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 19:47 - 2016-05-12 09:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 19:47 - 2016-05-12 09:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-14 19:47 - 2016-05-12 09:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-14 19:47 - 2016-05-12 09:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 19:47 - 2016-05-12 09:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-14 19:47 - 2016-05-12 09:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-14 19:47 - 2016-05-12 08:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 19:47 - 2016-05-12 08:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 19:47 - 2016-03-09 13:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-14 19:46 - 2016-05-12 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-14 19:46 - 2016-05-12 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-14 19:46 - 2016-05-12 10:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-14 19:46 - 2016-05-12 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-14 19:46 - 2016-05-12 10:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-14 19:46 - 2016-05-12 09:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-14 19:46 - 2016-05-12 09:54 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-14 19:46 - 2016-05-12 09:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-14 19:46 - 2016-05-12 09:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-14 19:46 - 2016-05-11 10:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 19:46 - 2016-05-11 10:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 19:46 - 2016-05-11 10:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 19:46 - 2016-05-11 10:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-14 19:46 - 2016-05-11 09:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 19:46 - 2016-04-14 10:38 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-14 19:46 - 2016-04-14 10:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-14 19:46 - 2016-04-14 10:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-14 19:46 - 2016-04-14 10:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-14 19:46 - 2016-04-14 10:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-14 19:46 - 2016-04-14 10:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-14 19:46 - 2016-04-14 10:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-14 19:45 - 2016-05-23 17:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-14 19:45 - 2016-05-21 11:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 19:45 - 2016-05-20 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-14 19:45 - 2016-05-20 17:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-14 19:45 - 2016-05-20 16:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 19:45 - 2016-05-20 16:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-14 19:45 - 2016-05-20 16:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-14 19:45 - 2016-05-20 16:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-14 19:45 - 2016-05-20 16:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-14 19:45 - 2016-05-20 16:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 19:45 - 2016-05-20 16:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-14 19:45 - 2016-05-20 16:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-14 19:45 - 2016-05-20 16:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-14 19:45 - 2016-05-20 16:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-14 19:45 - 2016-05-20 16:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-14 19:45 - 2016-05-20 16:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-14 19:45 - 2016-05-20 16:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-14 19:45 - 2016-05-20 16:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-14 19:45 - 2016-05-20 16:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-14 19:45 - 2016-05-20 16:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 19:45 - 2016-05-20 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-14 19:45 - 2016-05-20 16:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-14 19:45 - 2016-05-20 16:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-14 19:45 - 2016-05-20 16:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-14 19:45 - 2016-05-20 16:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-14 19:45 - 2016-05-20 16:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-14 19:45 - 2016-05-20 16:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 19:45 - 2016-05-20 16:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-14 19:45 - 2016-05-20 16:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 19:45 - 2016-05-20 16:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-14 19:45 - 2016-05-20 16:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-14 19:45 - 2016-05-20 16:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-14 19:45 - 2016-05-20 15:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 19:45 - 2016-05-20 15:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 19:45 - 2016-05-20 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-14 19:41 - 2016-05-18 11:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-14 09:39 - 2016-06-21 17:40 - 02842624 _____ C:\Users\rick\Desktop\Danfoss Appendix - 061416.xls
2016-06-03 12:45 - 2016-06-03 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-02 16:56 - 2016-06-02 16:56 - 00030720 _____ C:\Users\rick\Desktop\Cubs TV Schedule.xls
2016-05-25 10:25 - 2016-05-25 10:25 - 00001233 _____ C:\Users\Public\Desktop\WebStorage.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-23 11:42 - 2015-09-10 00:37 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-23 11:29 - 2015-04-07 10:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-23 11:22 - 2009-07-13 23:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-23 11:22 - 2009-07-13 23:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-23 11:05 - 2014-12-18 12:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-23 10:58 - 2015-12-29 10:38 - 00000109 _____ C:\Windows\cdlli52.INI
2016-06-23 10:54 - 2011-04-28 16:03 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-23 10:45 - 2011-04-12 10:31 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2016-06-23 09:35 - 2011-04-13 09:06 - 00000000 ____D C:\ProgramData\pdf995
2016-06-23 00:42 - 2015-09-10 00:37 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-22 15:54 - 2011-04-28 16:03 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-22 12:00 - 2016-02-08 13:18 - 00000000 ____D C:\Users\rick\Desktop\2016 Wire Price Quotes
2016-06-21 10:36 - 2013-02-04 08:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-20 22:19 - 2014-07-07 08:09 - 00000000 ____D C:\Users\rick\AppData\Roaming\WebStorage
2016-06-20 21:12 - 2012-05-17 09:47 - 00000000 ____D C:\Program Files\TeamViewer
2016-06-18 09:29 - 2012-05-17 06:30 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-18 09:29 - 2011-12-02 10:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-18 00:21 - 2011-11-04 15:30 - 00000000 ____D C:\QUARANTINE
2016-06-17 14:13 - 2016-04-26 11:08 - 00032256 _____ C:\Users\rick\Desktop\AMEC 3 and DONA 37 Analysis.xls
2016-06-17 12:58 - 2011-05-13 08:30 - 00000000 ____D C:\Users\rick\Desktop\Sauer Forecasts
2016-06-17 12:11 - 2011-04-01 10:58 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-17 12:11 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-06-17 12:09 - 2015-09-14 18:08 - 00000000 ___RD C:\Users\rick\Dropbox
2016-06-17 12:06 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-16 12:03 - 2016-01-12 13:32 - 00044160 ____N C:\Users\rick\Desktop\SCORECARD.pdf
2016-06-15 15:40 - 2013-05-29 11:20 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-15 04:15 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2016-06-15 03:38 - 2011-04-12 13:09 - 00002412 __RSH C:\ProgramData\ntuser.pol
2016-06-15 03:37 - 2009-07-13 23:33 - 00411832 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 03:35 - 2014-12-10 04:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 03:12 - 2013-08-15 03:06 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 03:05 - 2011-04-13 12:33 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-03 12:45 - 2015-09-10 00:34 - 00000000 ____D C:\Program Files\Dropbox
2016-05-26 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-25 10:25 - 2016-01-09 00:15 - 00000000 ____D C:\Users\rick\AppData\Roaming\awsRun
2016-05-25 10:24 - 2014-07-07 08:09 - 00000000 ____D C:\Program Files\Common Files\AWS
2016-05-25 07:29 - 2011-07-06 10:40 - 00000000 ____D C:\Users\lynn
2016-05-25 07:29 - 2011-04-12 10:30 - 00000000 ____D C:\Users\admin

==================== Files in the root of some directories =======

2011-12-13 14:13 - 2011-12-13 14:13 - 0000336 _____ () C:\Program Files\temp995.bat
2014-06-17 12:02 - 2014-06-17 12:02 - 0008049 _____ () C:\Users\rick\AppData\Roaming\XeroxFaxOptions.xml

Some files in TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\MSN5CD.exe
C:\Users\rick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjknkzi.dll
C:\Users\rick\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2016-06-17 00:49

==================== End of FRST.txt ============================



#3 moestroz14

Posted 23 June 2016 - 04:15 PM

Here is the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-06-2016 01
Ran by rick (2016-06-23 11:48:36)
Running from C:\Users\rick\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2011-04-12 15:30:02)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-2227947053-4176945692-534161092-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2227947053-4176945692-534161092-500 - Administrator - Disabled)
Guest (S-1-5-21-2227947053-4176945692-534161092-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat 8.1.0 Standard (HKLM\...\Adobe Acrobat  8 Standard) (Version: 8.1.0 - Adobe Systems)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-758252316-122362781-1648912389-1146\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.1 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cook'n (HKLM\...\Cook'n) (Version:  - )
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.154 - Dell Inc.)
Dell Data Protection | Access (Version: 01.00.00.154 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
DellAccess (Version: 01.00.00.078 - Wave Systems Corp.) Hidden
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Dropbox (HKLM\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Setup (HKLM\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.0.7 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.35 - Dropbox, Inc.) Hidden
EMBASSY Security Center (Version: 04.02.00.072 - Wave Systems Corp.) Hidden
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.)
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Gupta Runtime 4.0 (HKLM\...\{A22AD9CB-45C1-4EF1-A6A1-615CF87A0B9C}) (Version: 4.00 - Gupta Corp)
HP FWUpdateEDO3 (HKLM\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP LaserJet Professional M1530 MFP Series (HKLM\...\{74280B5D-A0AF-46c5-9C85-D9EA078262F1}) (Version:  - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hppLaserJetService (Version: 002.015.00599 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Image Retriever (HKLM\...\{5F0EECDE-4C30-48A0-AEFD-9F3E06811465}) (Version: 11.0 - Nuance Communications, Inc.)
Infor VISUAL ERP 7.1.2 with Service Pack 1 (HKLM\...\InstallShield_{A187FB5F-D7BC-4E05-AA43-19AAF935BD48}) (Version: 7.1.2 - Infor Global Solutions)
Infor VISUAL ERP 7.1.2 with Service Pack 1 (Version: 7.1.2 - Infor Global Solutions) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2281 - Intel Corporation)
Intel® Network Connections 15.2.89.0 (HKLM\...\PROSetDX) (Version: 15.2.89.0 - Dell)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Agent (HKLM\...\{EBF3D65F-011E-44D2-8F4F-C74B52682EDD}) (Version: 4.8.0.1500 - McAfee, Inc.)
McAfee Customer Submission Tool (HKLM\...\{4FB4698D-0131-4F91-A11F-824193379B48}) (Version: 2.3.732 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.06000 - McAfee, Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2011 (HKLM\...\{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}) (Version: 18.0.26.0201 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
OmniPage (HKLM\...\{4B302BBC-63B8-49B8-B38C-5C5F4785DD95}) (Version: 18.1.0000 - Nuance Communications, Inc.)
PaperPort (HKLM\...\{6DB68047-634F-4091-BEF7-5694E2A66689}) (Version: 14.2.0000 - Nuance Communications, Inc.)
PaperPort Image Printer (HKLM\...\{0A18E265-C3C2-45BC-A56E-E2BB281C239F}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Viewer (HKLM\...\{5A90D3BD-E31D-40B4-8005-6D6B6C6B300E}) (Version: 7.20.3219 - Nuance Communications, Inc.)
Pdf995 (HKLM\...\Pdf995) (Version:  - )
Preboot Manager (Version: 03.02.00.066 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.00.00.026 - Wave Systems Corp.) Hidden
Quicken WillMaker Plus 2013 (HKLM\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
ScanSoft PaperPort Viewer 7.0 (HKLM\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
Scansoft PDF Professional (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Snapshot Viewer (HKLM\...\Snapshot Viewer) (Version:  - )
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Unify Runtime 5.2SP5 MSI (HKLM\...\{E86BF288-5A7D-419D-96DE-2EF2C0A2B61D}) (Version: 5.2.3 - Unify Corp)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VizManager 2.5.1 (HKLM\...\{6A5B41D2-3199-4F18-90EE-A18281FBEAFB}) (Version: 2.5.1 - Business Technical Consulting)
Wave Infrastructure Installer (Version: 07.02.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.12.00.012 - Wave Systems Corp) Hidden
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WebM Media Foundation Components (HKLM\...\webmmf) (Version: 1.0.1.2 - WebM Project)
WebStorage (HKLM\...\WebStorage) (Version: 2.2.8.559 - ASUS Cloud Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Xerox WorkCentre 3220 (HKLM\...\Xerox WorkCentre 3220) (Version:  - )
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-758252316-122362781-1648912389-1146_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2849C885-73EC-41A5-8CCF-7D5DB5316BCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3ED43819-8A31-4987-9008-B9E414CED226} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-09-10] (Dropbox, Inc.)
Task: {68A5D1E2-87E1-452C-9232-66F557B6DC9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AA5A2F31-FD75-4DE1-88BB-3FD0678081CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-18] (Adobe Systems Incorporated)
Task: {DD95AF55-7F70-4E7D-9D46-AA3822FE8373} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-09-10] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-04-13 09:06 - 2011-12-13 14:16 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
2015-06-17 12:18 - 2011-03-03 11:57 - 00024064 _____ () C:\Windows\System32\sxs2ml3.dll
2014-06-17 12:02 - 2009-04-02 09:58 - 00094208 _____ () C:\Windows\System32\XeroxFaxPort.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll
2010-03-29 12:03 - 2010-03-29 12:03 - 00274432 _____ () C:\Windows\system32\SaMinDrv.dll
2014-06-17 11:58 - 2010-01-26 01:55 - 00626688 _____ () C:\Windows\Xerox\PanelMgr\SSMMgr.exe
2014-06-17 12:01 - 2010-01-26 01:53 - 00253952 _____ () C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe
2014-06-17 12:01 - 2008-10-28 01:02 - 00184320 _____ () C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\IMFilter.dll
2014-06-17 12:01 - 2008-10-28 01:03 - 01384520 _____ () C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\ssole.dll
2016-06-03 12:45 - 2016-05-05 05:09 - 00034768 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2016-06-03 12:44 - 2016-05-05 05:10 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2016-06-03 12:44 - 2016-05-05 05:09 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2016-06-03 12:45 - 2016-05-05 05:09 - 00093640 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2016-06-03 12:44 - 2016-05-05 05:09 - 00018376 _____ () C:\Program Files\Dropbox\Client\select.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2016-06-03 12:44 - 2016-05-05 05:11 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2016-06-03 12:44 - 2016-05-05 05:09 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2016-06-03 12:44 - 2016-05-31 13:34 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2016-06-03 12:44 - 2016-05-05 05:09 - 00692688 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-06-03 12:45 - 2016-05-05 05:10 - 00123856 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 01682760 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-06-03 12:45 - 2016-05-31 13:34 - 00021840 _____ () C:\Program Files\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2016-06-03 12:44 - 2016-05-05 05:11 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2016-06-03 12:44 - 2016-05-05 05:11 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2016-06-03 12:45 - 2016-05-05 05:11 - 00114640 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2016-06-03 12:44 - 2016-05-05 05:11 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2016-06-03 12:45 - 2016-05-31 13:34 - 00021832 _____ () C:\Program Files\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-06-03 12:44 - 2016-05-05 05:11 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2016-06-03 12:44 - 2016-05-05 05:11 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2016-06-03 12:44 - 2016-05-05 05:11 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2016-06-03 12:45 - 2016-05-05 05:11 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2016-06-03 12:45 - 2016-05-05 05:11 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2016-06-03 12:45 - 2016-05-31 13:34 - 00023872 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-03 12:44 - 2016-05-05 05:09 - 00134088 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00026456 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-06-03 12:44 - 2016-05-05 05:11 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2016-06-03 12:45 - 2016-05-05 05:11 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2016-06-03 12:44 - 2016-05-31 13:33 - 00246592 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-06-03 12:45 - 2016-05-05 05:11 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2016-06-03 12:45 - 2016-05-05 05:09 - 00134608 _____ () C:\Program Files\Dropbox\Client\_elementtree.pyd
2016-06-03 12:44 - 2016-05-05 05:10 - 00240584 _____ () C:\Program Files\Dropbox\Client\jpegtran.pyd
2016-06-03 12:45 - 2016-05-31 13:34 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-06-03 12:45 - 2016-05-31 13:34 - 00019776 _____ () C:\Program Files\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-06-03 12:45 - 2016-05-31 13:34 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-06-03 12:45 - 2016-05-31 13:34 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-06-03 12:45 - 2016-05-05 05:11 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2016-06-03 12:45 - 2016-05-31 13:34 - 00022352 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-03 12:44 - 2016-05-05 05:12 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2016-06-03 12:44 - 2016-05-31 13:34 - 00084280 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-03 12:44 - 2016-05-31 13:34 - 01826096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2016-06-03 12:44 - 2016-05-05 05:10 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 03928880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 01971504 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00531248 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00132912 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00223544 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-06-03 12:44 - 2016-05-05 05:11 - 00060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2016-06-03 12:45 - 2016-05-31 13:34 - 00024904 _____ () C:\Program Files\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00546096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-03 12:44 - 2016-05-31 13:34 - 00357680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2016-06-03 12:44 - 2016-05-05 05:13 - 00017864 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2016-06-03 12:44 - 2016-05-05 05:13 - 01631184 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2016-06-03 12:44 - 2016-05-05 05:15 - 00697304 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-05-11 03:46 - 2016-05-11 03:46 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d3fdf7962e3a154830b603096be4216\IsdiInterop.ni.dll
2011-04-01 10:58 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2016-05-04 00:24 - 2016-05-04 00:24 - 01378272 _____ () C:\Program Files\ASUS\WebStorage\2.2.8.559\AsusWSService.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-758252316-122362781-1648912389-1146\...\sauer-danfoss.com -> hxxps://suppliers.sauer-danfoss.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-758252316-122362781-1648912389-1146\Control Panel\Desktop\\Wallpaper -> C:\Users\rick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 151.106.100.47 - 151.106.100.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{079A7D40-8BE0-4B9F-A634-3836C5FE33DB}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A340FAC6-DFBC-43B1-B24C-E1F5BCDA76AC}] => (Allow) LPort=2869
FirewallRules: [{C3C3B49F-7C9B-4461-AF7E-CF59E7F79CA9}] => (Allow) LPort=1900
FirewallRules: [{3EEF4C59-E634-46C1-958D-3D257EC6FA57}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EAC9ED34-86E2-454B-830D-C01EE0805FB9}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{7544F663-4018-4670-A376-7D8B32CF8883}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{39A2E050-06AD-41CF-ACC3-6B5CC90F94EC}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{AC2EA3AC-0B44-43B8-A115-5FEAE5CE6517}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{4BA1FA5E-094A-40B3-B7B8-6C922A263E13}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{9A8535DB-F400-4411-AED5-6D1BE1BCFF07}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{F4FC24AB-C039-447D-AEF3-CC06CC1781D1}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [TCP Query User{EC28B72F-53E2-4311-80D2-372ED7BF0439}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{C7237CE7-15DD-4442-83D8-F11A8E7F6267}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [{375216CA-36DD-4041-AF39-59AAF2E1F500}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{AD7CF1DE-C551-4D47-8159-4E856B6923BC}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{65C34E0B-EB3C-4E78-B66C-60648FE140E7}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{978670B2-CD69-4F0D-A2D7-249D157C4A23}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FA3DBBE-D6F4-45D3-98BB-336B2D515DFE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{CCE4A699-C84A-49ED-A5FC-E3F28E1A4B90}C:\users\rick\appdata\local\dvo\cook'n10app\cook'n.exe] => (Block) C:\users\rick\appdata\local\dvo\cook'n10app\cook'n.exe
FirewallRules: [UDP Query User{1FA5E6F0-38B3-4491-864E-0D7C735F29D4}C:\users\rick\appdata\local\dvo\cook'n10app\cook'n.exe] => (Block) C:\users\rick\appdata\local\dvo\cook'n10app\cook'n.exe
FirewallRules: [{106F2AC9-3E28-4C7F-A3F3-BADF84A7DDF8}] => (Allow) C:\Program Files\HP\csiInstaller\74280B5D-A0AF-46c5-9C85-D9EA078262F1\Installer\hpbcsiInstaller.exe
FirewallRules: [{DBFC4949-C72C-4202-A2D1-E8A6E15B4843}] => (Allow) C:\Program Files\HP\csiInstaller\74280B5D-A0AF-46c5-9C85-D9EA078262F1\Installer\hpbcsiInstaller.exe
FirewallRules: [{B3948CF3-1F56-4729-8475-BF8B39300D7D}] => (Allow) C:\Windows\twain_32\Xerox\WC3220\Sscan2io.exe
FirewallRules: [{1E35A15A-BDCD-4E8F-8365-3B13675412E1}] => (Allow) C:\Windows\twain_32\Xerox\WC3220\Sscan2io.exe
FirewallRules: [{5D55DB0E-8557-4496-8D58-D52EEECE4710}] => (Allow) C:\Program Files\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe
FirewallRules: [{BE59B262-B455-4AD8-ADE2-47F6647BA7E1}] => (Allow) C:\Program Files\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe
FirewallRules: [{93089B41-EA93-400D-97F6-D1D89E6F3A36}] => (Allow) C:\Program Files\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe
FirewallRules: [{20E333AC-9C0F-4BC4-B22B-36AAC7F67C3E}] => (Allow) C:\Program Files\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe
FirewallRules: [{293F78FB-4C2A-4FC0-A8DA-8DE1D3FD31AE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1E955D83-1198-4BA7-B019-E7831A6090A4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AEE384DF-22D8-4552-8A02-BF10A45B9C37}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E94E97CB-DC75-4AF1-B0A6-1995D533A7CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F41062C5-EB97-4BAA-985A-EB72E3F04C6F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7869687E-9290-4922-ADE5-EA5C84F41708}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{7829F655-7963-4A15-AFAB-48931D205F29}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{A7BF4FEC-3D2F-4E58-AEF7-C8EEF82F01AF}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{62D55BC6-E891-4043-89FF-933D0821A1B1}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{228FFDBF-AEAA-4C31-BB25-64A8F22F8582}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{DDDAF165-EB20-4C6D-BBB5-8B875A2F3D74}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{EAC59946-CF40-4949-8528-2C9D8E887EC2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CF6E276A-66B7-4BA1-A356-2D824F2B9E45}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{68F88082-A9F5-4760-B713-8A0D028EC95C}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

02-06-2016 07:53:28 Windows Update
06-06-2016 07:53:41 Windows Update
10-06-2016 07:53:46 Windows Update
13-06-2016 07:57:55 Windows Update
15-06-2016 03:00:49 Windows Update
18-06-2016 12:17:40 Windows Update
22-06-2016 12:17:17 Windows Update
23-06-2016 11:40:21 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2016 11:40:05 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 14956 (0x3a6c)

Thread address : 0x77A46BF4

Thread message :

 Build VSCORE.15.4.0.583 / 5800.7501
 Object being scanned = \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\ec5d032aa791a8f6db0bec5583680df9\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23154_none_a8b01abad44ba24e\secur32.dll
 by c:\Program Files\Microsoft Security Client\MsMpEng.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (06/23/2016 11:36:04 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 15532 (0x3cac)

Thread address : 0x77A46BF4

Thread message :

 Build VSCORE.15.4.0.583 / 5800.7501
 Object being scanned = \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\9d35208722ba25d7d3225061f752d349\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23455_none_a8b120b6d44ab31a\secur32.dll
 by c:\Program Files\Microsoft Security Client\MsMpEng.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (06/23/2016 11:20:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ba4

Start Time: 01d1cd6b1c59bb6c

Termination Time: 20

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (06/23/2016 11:14:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3dbc

Start Time: 01d1cd69f27d17a4

Termination Time: 46

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (06/23/2016 11:12:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1cec

Start Time: 01d1cd69520624b4

Termination Time: 27

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (06/23/2016 11:11:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a58

Start Time: 01d1cd687dd23ad4

Termination Time: 65

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (06/23/2016 11:07:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3aec

Start Time: 01d1cd692c428e5c

Termination Time: 20

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (06/23/2016 11:06:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3468

Start Time: 01d1cd691627ae7c

Termination Time: 33

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (06/23/2016 11:05:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2c10

Start Time: 01d1cd68866e6474

Termination Time: 28

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (06/23/2016 11:01:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3a8c

Start Time: 01d1cd6815653294

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: b4ee94cd-395b-11e6-aa49-782bcb81b38b

System errors:
=============
Error: (06/23/2016 11:40:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee McShield service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/23/2016 11:36:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/20/2016 12:27:13 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: RSC)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

Error: (06/19/2016 10:35:13 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: RSC)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

Error: (06/19/2016 09:00:12 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: RSC)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

Error: (06/19/2016 07:22:12 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: RSC)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

Error: (06/19/2016 05:48:11 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: RSC)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

Error: (06/19/2016 04:08:11 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: RSC)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

Error: (06/19/2016 02:36:10 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: RSC)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

Error: (06/19/2016 12:39:10 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: RSC)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

CodeIntegrity:
===================================
  Date: 2015-08-01 12:11:44.162
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 12:11:44.146
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 12:11:44.130
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 12:11:44.115
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 12:11:43.865
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 12:11:43.725
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 12:11:43.709
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 12:11:43.694
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2012-05-13 14:36:42.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-05-13 14:36:42.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 65%
Total physical RAM: 3547.59 MB
Available physical RAM: 1240.12 MB
Total Virtual: 7093.51 MB
Available Virtual: 4629.53 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:223.5 GB) (Free:138.95 GB) NTFS
Drive j: (Data) (Network) (Total:1114.71 GB) (Free:796.49 GB) NTFS
Drive n: (Data) (Network) (Total:1114.71 GB) (Free:796.49 GB) NTFS
Drive o: (Data) (Network) (Total:1114.71 GB) (Free:796.49 GB) NTFS
Drive p: (Data) (Network) (Total:1114.71 GB) (Free:796.49 GB) NTFS
Drive q: (Data) (Network) (Total:1114.71 GB) (Free:796.49 GB) NTFS
Drive r: (Data) (Network) (Total:1114.71 GB) (Free:796.49 GB) NTFS
Drive s: (Data) (Network) (Total:1114.71 GB) (Free:796.49 GB) NTFS
Drive v: (Backups) (Network) (Total:550 GB) (Free:245.05 GB) NTFS
Drive x: (Data) (Network) (Total:1114.71 GB) (Free:796.49 GB) NTFS
Drive y: (Data) (Network) (Total:1114.71 GB) (Free:796.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.8 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 shelf life

  • Malware Response Team
  • 2,680 posts
  • Gender:Male
  • Location:@localhost

Posted 24 June 2016 - 08:16 AM

Hi,

You can try setting IE back to its defaults. With IE open, go to Tools or the gear-looking icon > Internet Settings > Advanced tab, click on the Reset button, check the box "Delete personal settings" and follow the prompts.

You also have two AV, McAfee and MSE. You only need one resident active antivirus on a machine. Two is not better in the case of AV.

Usually only on this site once or twice per day so you may not get a response back from me until the following day.


How Can I Reduce My Risk to Malware?




