Log analysis and evaluation: Adware.1Clickdownload in the registry file
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.12.2016, 14:53 | #1 |
| Adware.1Clickdownload in the registry file
Lately I have often had problems with my Norton Antivirus when I ran another update shortly after a virus definition update. Each time I saw large update files of over 30 MB. I found that worrying. After that I used a second virus scanner program. During the scan, the software repeatedly hung at several points (file scans). During the (ongoing) scans, 5 malware programs were shown in the registry. I also could not complete a normal scan; they always hung. I then also tried Windows Defender, which, however, did not show the malware. A screenshot of the malware reports (during the scan) is attached.
Last edited by hansreit (23.12.2016 at 15:26) |
23.12.2016, 21:52 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Adware.1Clickdownload in the registry file
My name is Jürgen and I will be helping you with your problem. Together we will manage it...
Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but it is only advisable for real malware. We can remove adware and the like very well. If you decide on a cleanup, keep working with me until you get my "clean". Let's go: Please post the logs in the thread. Split them if necessary.
__________________ |
24.12.2016, 16:41 | #3 | |
| Adware.1Clickdownload in the registry file
Quote:
# Database : 2016-12-23.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Hans - HP
# Running from : C:\Users\Hans\Downloads\AdwCleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.newTabUrl" - "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0D0F0 Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.pnu_base" - "{\"newVrsn\":\"259\",\"lastVrsn\":\"259\",\"vrsnLoad\":\"\",\"showMsg\":\"false\" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.prdct" - "funmoods" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.prtnrId" - "funmoods" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.sg" - "none" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.smplGrp" - "none" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.srchPrvdr" - "Search" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.tlbrId" - "base" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.tlbrSrchUrl" - "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0D0 Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.vrsn" - "1.5.23.22" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.vrsnTs" - "1.5.23.2210:34:49" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods.vrsni" - "1.5.23.22" Firefox pref Found: 
[C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods_i.newTab" - false Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods_i.smplGrp" - "none" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods_i.vrsnTs" - "1.5.23.2210:34:49" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.wecarereminder.merchHash" - "{\"AFFILIATES\":{\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\"autor Firefox pref Found: [C:\Users\Marbella\AppData\Roaming\Mozilla\Firefox\Profiles\r9sh7yhe.default\prefs.js] - "avg.install.installDirPath" - "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.5.0.2" Firefox pref Found: [C:\Users\Marbella\AppData\Roaming\Mozilla\Firefox\Profiles\r9sh7yhe.default\prefs.js] - "avg.userPreferences.URLBarFocus.whiteList" - "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.conduit.com Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - inbox.com Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - trovi.search Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - www-search.net Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bbjciahceamgodcoidkjpchnokgfpphh Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - booedmolknjekdopkepjjeckmjkdpfgl Chrome pref Found: 
[C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fcfenmboojpjinhpgggodefccipikbpd Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - flpcjncodpafbgdpnkljologafpionhb Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ndibdjnfmopecpmkdieinmbadjfpblof Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ojhagnahfpegocdhlopgljpaafeogmcc Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www-search.net/?s=E59wlim0,e526baa3-d7d6-4508-9117-bb75c30553a2, Chrome pref Found: [C:\Users\Marbella\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com Chrome pref Found: [C:\Users\Marbella\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com ************************* C:\AdwCleaner\AdwCleaner[S0].txt - [39850 Bytes] - [24/12/2016 14:15:24] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [39924 Bytes] ########### Updated on 16/12/2016 by Malwarebytes # Database : 2016-12-23.1 [Server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : Hans - HP # Running from : C:\Users\Hans\Downloads\AdwCleaner_6.041.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** [-] Service deleted: swdumon ***** [ Folders ] ***** [-] Folder deleted: C:\Users\Hans\AppData\Local\PackageAware [-] Folder deleted: C:\Users\Hans\AppData\Local\slimware utilities inc [-] Folder deleted: C:\Users\Hans\AppData\Local\WhiteListing [#] Folder deleted on reboot: C:\Users\Hans\AppData\Local\SlimWare Utilities Inc [-] Folder deleted: C:\Users\Hans\AppData\LocalLow\HPAppData [-] Folder deleted: C:\Users\Hans\AppData\LocalLow\Inbox Toolbar [-] Folder deleted: C:\Users\Hans\AppData\LocalLow\Yahoo!\Companion [-] Folder deleted: C:\Users\Marbella\AppData\LocalLow\AVG Secure Search [-] 
Folder deleted: C:\Program Files\Common Files\Goobzo [-] Folder deleted: C:\ProgramData\SearchModule [-] Folder deleted: C:\ProgramData\Viewpoint [#] Folder deleted on reboot: C:\ProgramData\Application Data\SearchModule [#] Folder deleted on reboot: C:\ProgramData\Application Data\Viewpoint [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar [-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers [-] Folder deleted: C:\Program Files (x86)\Conduit [-] Folder deleted: C:\Program Files (x86)\driverupdate [-] Folder deleted: C:\Program Files (x86)\I Want This [-] Folder deleted: C:\Program Files (x86)\Viewpoint [-] Folder deleted: C:\Program Files (x86)\CompuClever [#] Folder deleted on reboot: C:\Program Files (x86)\DriverUpdate [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion [-] Folder deleted: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd ***** [ Files ] ***** [-] File deleted: C:\Users\Marbella\Desktop\YouTube Accelerator.lnk [-] File deleted: C:\Windows\SysNative\drivers\swdumon.sys [-] File deleted: C:\Users\Public\Desktop\eBay.lnk [-] File deleted: C:\ProgramData\uninstaller.exe [#] File deleted: C:\ProgramData\Application Data\uninstaller.exe [-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk [-] File deleted: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\invalidprefs.js [-] File deleted: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\searchplugins\bingp.xml [-] File deleted: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage [-] File deleted: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage-journal ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Help.lnk [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Settings.lnk ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl [-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary [-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar [-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 [#] Key deleted on 
reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} [-] Key deleted: 
HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} [-] Key deleted: 
HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Key deleted: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} [-] Key deleted: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} [-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] [-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] [-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] [-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{46897C77-E7A6-4C33-BFFB-E9C2E2718942}] [-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] [-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] [-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}] [-] Key deleted: HKU\.DEFAULT\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522216\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531436\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Conduit [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\dsiteproducts [-] Key deleted: 
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Inbox Toolbar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\SlimWare Utilities Inc [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\speedypc software [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\wecarereminder [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Yahoo\YFriendsBar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\YahooPartnerToolbar [#] Key deleted on reboot: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\AppDataLow\Software\Crossrider [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\AppDataLow\Software\Mp3Tube [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\AppDataLow\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1318442368-710658752-766906897-1000\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Conduit [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\dsiteproducts [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Inbox Toolbar [-] Key deleted: 
HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\SlimWare Utilities Inc [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\speedypc software [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\wecarereminder [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Yahoo\YFriendsBar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\YahooPartnerToolbar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\AppDataLow\Software\Crossrider [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\AppDataLow\Software\Mp3Tube [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\AppDataLow\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages [-] Key deleted: 
HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Conduit [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\dsiteproducts [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Inbox Toolbar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\SlimWare Utilities Inc [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\speedypc software [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\wecarereminder [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Yahoo\YFriendsBar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\YahooPartnerToolbar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\AppDataLow\Software\Crossrider [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\AppDataLow\Software\Mp3Tube [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\AppDataLow\Software\Yahoo\Companion [-] Key 
AdwCleaner Logfile: Code:
# AdwCleaner v6.041 - Logfile created 24/12/2016 at 15:11:44
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-23.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Hans - HP
# Running from : C:\Users\Hans\Downloads\AdwCleaner_6.041(1).exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious keys found.

***** [ Shortcuts ] *****
No infected shortcut found.

***** [ Scheduled Tasks ] *****
No malicious task found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [39297 Bytes] - [24/12/2016 14:22:43]
C:\AdwCleaner\AdwCleaner[S0].txt - [40184 Bytes] - [24/12/2016 14:15:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [1155 Bytes] - [24/12/2016 15:11:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1228 Bytes] ##########

Thank you very much for your help, Jürgen. Thanks again, Jürgen. I will send a 25 euro donation to the board! |
25.12.2016, 11:52 | #4 |
/// TB Trainer /// Instructions Guru | The site operator will surely be pleased about that. The actual instruction, however, was that you should post the FRST logs in code tags. But never mind, let's take a look now:
Step 1
Please start FRST again, also tick the checkbox, and click Scan. Please post the contents of the two logs that are created.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
26.12.2016, 13:08 | #5 |
| Adware.1Clickdownload in der Registrydatei Ran by Hans (administrator) on HP (26-12-2016 12:35:24) Running from C:\Users\Hans\Desktop\FRST64CODE Loaded Profiles: Hans (Available Profiles: Hans & Marbella) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe () C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Skype Technologies S.A.) 
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe () C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (AMD) C:\Windows\System32\atieclxx.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe () C:\Program Files (x86)\Private Communications\PRIVATE WiFi\PrivateWiFi.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (© 2015 Microsoft Corporation) C:\Users\Hans\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Hewlett-Packard Co.) C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] () HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-17] (Google Inc.) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [Google Update] => C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-18] (Google Inc.) 
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [BingSvc] => C:\Users\Hans\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-12-18] (Siber Systems) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: E - E:\Setup.exe HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: F - F:\pushinst.exe HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: {bd328fcb-9d1b-11e0-a5ab-9205c8b1b65b} - L:\ptcwidget.exe HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: {c95a38b6-541e-11e0-9bab-00038a000015} - L:\unlock.exe autoplay=true HKU\S-1-5-21-1318442368-710658752-766906897-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> AppInit_DLLs: C:\PROGRA~3\Fast And => No File ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-03-21] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-08-02] ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2016-12-26] ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{0A139030-988A-4C2A-B5FD-3F4310FE5301}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{1F0712D9-332F-4E95-B24F-B1360ECDCEC0}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{28611991-9E63-4AAC-89C9-43D22A3DF324}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{299E30CD-576C-419B-93F6-8239956DA413}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6456FE51-6AB2-4C05-9B9E-4C2402539CAB}: [DhcpNameServer] 66.174.71.33 66.174.95.44 Tcpip\..\Interfaces\{7936B5D6-90BA-4A5C-BCC1-F1E14C260FB5}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{86A2C942-097A-4DFC-A33F-7EB736A8FF7C}: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1 Tcpip\..\Interfaces\{88221D92-98E0-427C-AB1D-81121567033F}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{8DD16FC0-FFC4-4201-AE70-6240344B8421}: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/ HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope value is missing 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {27DEDF55-0D6D-43B1-ACE2-882D2407E616} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enUS445
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {822B8BEE-AD0F-478D-BBF2-7BE9A8C7CA4F} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-18] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-16] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-16] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\0mgktzer.default [2015-08-30]
FF Extension: (Emulator) - C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\0mgktzer.default\Extensions\Navcore.9.151.605385@tomtom.com [2011-08-20] [not signed]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-08-30] [not signed]
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Scendix Software\Fax\Profiles\t825lh6t.default [2015-12-10]
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default [2016-12-25]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Marmiko IT-Solutions GmbH\Browser 7\Profiles\gsljnzx8.default [2015-01-25]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-12-18] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-12-18] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-12-18] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-12-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-12-18]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-12-18]
FF HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-21] [not signed]
FF HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.)
CHR Plugin: (Skype Toolbars) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Hans\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default [2016-12-24]
CHR Extension: (Google Drive) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Skype) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-16]
CHR Extension: (Norton Safe) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR Extension: (RoboForm Password Manager) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-11-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-18]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-08]
CHR HKU\S-1-5-21-1318442368-710658752-766906897-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Hans\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-15]
CHR HKU\S-1-5-21-1318442368-710658752-766906897-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-18]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3883544 2016-12-22] (devolo AG) R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1029648 2016-11-29] (Garmin Ltd. or its subsidiaries) R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [8274576 2014-10-31] () R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.) R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes) R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4369680 2016-01-22] (Symantec Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-11-08] (WDC) [File not signed] R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060352 2010-11-08] () [File not signed] R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [485376 2010-11-08] () [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 
WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-29] (AVG Technologies) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2013-12-17] (AVM Berlin) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [1874136 2016-12-13] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-12-14] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-12-14] (Symantec Corporation) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] () S3 fwlanusb6; C:\Windows\System32\DRIVERS\fwlanusb6.sys [1327744 2014-03-27] (AVM GmbH) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20161223.002\IDSvia64.sys [1038032 2016-12-13] (Symantec Corporation) R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [176064 2016-12-21] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-26] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-26] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-26] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-26] (Malwarebytes) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) 
[File not signed] S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-07] (CACE Technologies) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [36496 2016-12-22] (Riverbed Technology, Inc.) R3 pwftap; C:\Windows\System32\DRIVERS\pwftap.sys [36736 2013-09-02] (The OpenVPN Project) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2013-02-07] (Realtek Corporation) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-12] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-12] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-12] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-18] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-12] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-12] (Symantec Corporation) S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161214.002\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161214.002\EX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-24 17:43 - 2016-12-22 11:06 - 00295936 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopcap.dll 2016-12-24 17:43 - 2016-12-22 11:06 - 00078336 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopacket.dll 2016-12-24 17:43 - 2016-12-22 11:06 - 00036496 _____ (Riverbed Technology, Inc.) 
C:\Windows\SysWOW64\Drivers\npf_devolo.sys 2016-12-24 15:05 - 2016-12-24 15:05 - 03977168 _____ C:\Users\Hans\Downloads\AdwCleaner_6.041(1).exe 2016-12-24 14:49 - 2016-12-24 14:49 - 00017499 _____ C:\Users\Hans\Desktop\AdwCleaner_6.041(2).exe 2016-12-24 14:33 - 2016-12-24 14:33 - 00039297 _____ C:\Users\Hans\Desktop\AdwCleaner[C0].txt 2016-12-24 14:08 - 2016-12-24 15:21 - 00000000 ____D C:\AdwCleaner 2016-12-24 14:06 - 2016-12-24 14:06 - 03977168 _____ C:\Users\Hans\Downloads\AdwCleaner_6.041.exe 2016-12-24 13:58 - 2016-12-24 13:58 - 00000283 _____ C:\Users\Hans\Desktop\AdwCleaner_6.041.exe.URL 2016-12-23 15:24 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Documents\FRST.txt 2016-12-23 15:24 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Desktop\FRST - Copy.txt 2016-12-23 15:13 - 2016-12-26 12:35 - 00000000 ____D C:\Users\Hans\Desktop\FRST64CODE 2016-12-23 14:34 - 2016-12-26 12:35 - 00000000 ____D C:\FRST 2016-12-23 14:34 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Desktop\FRST.txt 2016-12-23 14:30 - 2016-10-26 16:29 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-12-22 18:49 - 2016-12-22 18:57 - 00002704 _____ C:\Users\Hans\Desktop\Rkill.txt 2016-12-22 18:47 - 2016-12-22 18:48 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Hans\Downloads\rkill.exe 2016-12-21 22:53 - 2016-12-21 22:53 - 54199488 _____ (Malwarebytes ) C:\Users\Hans\Downloads\mb3-setup-cb.NT-3.0.5.1299.exe 2016-12-21 21:34 - 2016-12-21 21:35 - 00001038 _____ C:\Users\Marbella\Desktop\AOL Saved Files.lnk 2016-12-21 21:34 - 2016-12-21 21:35 - 00001038 _____ C:\Users\Hans\Desktop\AOL Saved Files.lnk 2016-12-21 21:34 - 2016-12-21 21:35 - 00000010 _____ C:\Windows\msoffice.ini 2016-12-21 21:34 - 2016-12-21 21:35 - 00000000 ____D C:\Users\Hans\Desktop\AOL Saved PFC 2016-12-21 18:10 - 2016-12-21 18:10 - 00001053 _____ C:\Users\Hans\Desktop\MALWARE REPORT 21122016.txt 2016-12-21 15:05 - 2016-12-26 12:22 - 00102856 _____ (Malwarebytes) 
C:\Windows\system32\Drivers\farflt.sys 2016-12-21 15:05 - 2016-12-26 12:22 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2016-12-21 15:05 - 2016-12-26 12:22 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-12-21 15:05 - 2016-12-21 15:05 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2016-12-21 15:04 - 2016-12-26 12:21 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-12-21 15:04 - 2016-12-23 10:59 - 00001877 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2016-12-21 15:04 - 2016-12-23 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2016-12-21 15:04 - 2016-12-21 15:04 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-21 15:04 - 2016-12-21 15:04 - 00000000 ____D C:\Program Files\Malwarebytes 2016-12-21 15:04 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2016-12-21 14:59 - 2016-12-21 14:59 - 54199488 _____ (Malwarebytes ) C:\Users\Hans\Downloads\mb3-setup-consumer-3.0.5.1299.exe 2016-12-18 16:23 - 2016-12-18 16:23 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-12-18 16:23 - 2016-12-18 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-12-18 16:20 - 2016-12-18 16:20 - 00000000 ____D C:\Program Files\iPod 2016-12-18 15:15 - 2016-12-18 15:15 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360 2016-12-18 15:09 - 2016-12-18 15:09 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2016-12-18 13:11 - 2016-12-22 13:11 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHans 2016-12-18 13:11 - 2016-12-22 13:11 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForHans.job 2016-12-18 12:13 - 2016-12-18 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-14 20:56 - 2016-12-18 15:09 - 00002108 _____ C:\Users\Public\Desktop\Norton 360.lnk 2016-12-14 20:08 - 2016-12-23 10:59 - 00572736 _____ C:\Windows\ntbtlog.txt 
2016-12-14 18:58 - 2016-12-18 15:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2016-12-11 18:21 - 2016-12-11 18:21 - 00033593 _____ C:\Users\Hans\Downloads\SKM_554e16120814300.pdf 2016-12-11 18:19 - 2016-12-11 18:19 - 00681846 _____ C:\Users\Hans\Downloads\Iban Mama Konto.pdf 2016-12-11 18:19 - 2016-12-11 18:19 - 00681846 _____ C:\Users\Hans\Downloads\Iban Mama Konto(1).pdf 2016-12-11 18:08 - 2016-12-11 18:08 - 00071409 _____ C:\Users\Hans\Downloads\82467005_2016_Nr.011_Kontoauszug_vom_30.11.2016_20161211060841.pdf 2016-12-11 15:14 - 2016-12-18 11:51 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2016-12-11 15:14 - 2016-12-18 11:51 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2016-12-11 15:14 - 2016-12-11 15:14 - 00000000 ____D C:\Program Files (x86)\Norton 360 2016-12-10 15:43 - 2016-12-10 15:43 - 00084162 _____ C:\Users\Hans\Downloads\19.pdf 2016-12-10 15:43 - 2016-12-10 15:43 - 00084162 _____ C:\Users\Hans\Downloads\19 (1).pdf 2016-12-10 15:11 - 2016-12-26 12:25 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-12-10 15:10 - 2016-12-10 15:10 - 00002099 _____ C:\Users\Public\Desktop\Norton Online Backup.lnk 2016-12-10 15:10 - 2016-12-10 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup 2016-12-10 15:10 - 2016-12-10 15:10 - 00000000 ____D C:\Program Files (x86)\Symantec 2016-12-10 15:08 - 2016-12-10 15:08 - 12590864 _____ (Symantec Corporation) C:\Users\Hans\Downloads\NortonOnlineBackup.exe 2016-12-10 14:51 - 2016-12-10 14:51 - 00900344 _____ C:\Users\Hans\Desktop\Norton_Removal_Tool.exe 2016-12-10 14:49 - 2016-12-10 14:49 - 00860112 _____ (Igor Pavlov) C:\Users\Hans\Desktop\NortonMountPointRepairExtractor.exe 2016-12-05 22:39 - 2016-12-05 22:39 - 02103882 _____ C:\Users\Hans\Downloads\Instructions_on_setting_up_auto_epay.pdf 2016-12-04 18:13 - 2016-12-04 18:13 - 01615493 _____ 
C:\Users\Hans\Downloads\JotNot_12-03-2016.pdf 2016-12-04 14:38 - 2016-12-04 14:38 - 00361536 _____ C:\Users\Hans\Downloads\kopierer@uni.trier.de_20160825_105307(1).pdf 2016-12-02 17:45 - 2016-12-02 17:45 - 01136903 _____ C:\Users\Hans\Downloads\lika1478120034(1) (1).pdf 2016-12-02 16:05 - 2016-12-02 16:05 - 00001771 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2016-11-27 16:46 - 2016-11-27 16:46 - 00543669 _____ C:\Users\Hans\Downloads\Maria Sozialversicherung - 6 Jan 2015 - 15-49.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-26 12:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2016-12-26 12:32 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-26 12:32 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-26 12:28 - 2009-07-14 06:13 - 00006230 _____ C:\Windows\system32\PerfStringBackup.INI 2016-12-26 12:24 - 2015-08-15 18:15 - 00000000 ___RD C:\Users\Hans\Google Drive 2016-12-26 12:21 - 2013-06-08 16:26 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2016-12-26 12:21 - 2013-05-31 19:22 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2016-12-26 12:20 - 2013-02-02 22:36 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-12-26 12:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-26 12:19 - 2009-07-14 05:45 - 00355656 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-26 03:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2016-12-26 03:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism 2016-12-26 03:17 - 2012-07-26 23:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-25 19:03 - 2011-02-15 03:38 - 00000000 ____D C:\ProgramData\PDFC 
2016-12-25 15:37 - 2016-11-22 20:03 - 00000000 ____D C:\Users\Hans\AppData\LocalLow\Mozilla
2016-12-25 15:03 - 2011-04-17 01:02 - 00000000 ____D C:\Users\Hans\AppData\Local\CrashDumps
2016-12-24 17:46 - 2016-02-17 09:53 - 00000000 ____D C:\Program Files (x86)\devolo
2016-12-24 14:15 - 2011-04-22 16:07 - 00000000 ____D C:\Users\Hans\AppData\LocalLow\Yahoo!
2016-12-24 14:02 - 2014-03-15 23:48 - 00000000 ____D C:\Users\Hans\Documents\Snipping Tool
2016-12-24 14:00 - 2015-07-31 10:07 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-12-22 18:36 - 2015-03-08 09:55 - 00000000 ____D C:\Users\Hans\Downloads\PL2303_Prolific_DriverInstaller_v1_10_0_20140925
2016-12-22 18:15 - 2014-04-08 00:52 - 00000000 ____D C:\Users\Hans\AppData\Local\TB
2016-12-22 16:04 - 2014-11-06 00:43 - 00000000 ____D C:\Program Files\Wondershare
2016-12-21 21:55 - 2011-03-19 22:25 - 00000000 ____D C:\ProgramData\AOL Downloads
2016-12-21 21:36 - 2011-03-19 22:32 - 00000000 ____D C:\Users\Hans\AppData\Local\AOL
2016-12-21 21:35 - 2014-09-27 18:03 - 00000000 ____D C:\Users\Public\Documents\AOL Downloads
2016-12-21 21:35 - 2011-03-19 22:34 - 00000000 ____D C:\Users\Hans\AppData\Roaming\AOL
2016-12-21 21:35 - 2011-03-19 22:31 - 00000000 ____D C:\ProgramData\AOL
2016-12-18 16:23 - 2014-03-15 15:35 - 00000000 ____D C:\Program Files\iTunes
2016-12-18 16:20 - 2011-04-17 01:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-18 15:09 - 2015-05-09 15:53 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2016-12-18 15:05 - 2016-10-15 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-18 13:18 - 2012-07-26 23:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-18 13:18 - 2012-04-09 23:04 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-18 13:18 - 2011-05-14 22:11 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-18 13:17 - 2011-10-23 02:51 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-18 13:17 - 2011-02-15 03:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-18 11:59 - 2016-04-09 14:26 - 00004130 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2016-12-18 11:59 - 2012-06-15 21:37 - 00003478 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2016-12-18 11:59 - 2011-10-17 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2016-12-18 11:59 - 2011-08-23 02:47 - 00002070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-18 11:59 - 2011-08-23 02:47 - 00002058 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-18 11:51 - 2015-08-15 18:13 - 00001929 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-12-18 11:51 - 2015-08-15 18:13 - 00001927 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-12-18 11:51 - 2015-08-15 18:13 - 00001917 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-12-18 11:51 - 2015-08-15 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-18 11:38 - 2015-08-15 17:35 - 00003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000UA
2016-12-18 11:38 - 2015-08-15 17:35 - 00003230 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000Core
2016-12-18 11:38 - 2011-08-17 23:29 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 11:38 - 2011-08-17 23:29 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-18 11:27 - 2009-07-14 06:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-14 20:42 - 2011-09-04 17:52 - 00000000 ____D C:\Users\Hans\AppData\Local\NPE
2016-12-14 20:28 - 2015-12-22 13:03 - 00000000 ____D C:\NPE
2016-12-12 21:48 - 2011-02-15 03:52 - 00000000 ____D C:\ProgramData\Norton
2016-12-12 21:47 - 2015-05-09 15:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-12-11 17:28 - 2011-02-15 03:51 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-12-10 16:41 - 2011-08-17 23:29 - 00000000 ____D C:\Users\Hans\AppData\Local\Google
2016-12-10 10:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-04 22:57 - 2011-03-20 20:41 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Skype
2016-12-04 18:14 - 2012-10-03 23:52 - 00000000 ____D C:\Users\Hans\Documents\Marbella
2016-12-02 17:17 - 2011-04-23 15:43 - 00000000 ____D C:\Users\Hans\Documents\My Scans
2016-12-02 16:07 - 2015-07-26 18:07 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-02 16:06 - 2015-07-26 18:14 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-12-02 16:05 - 2016-09-25 12:21 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-12-02 16:05 - 2016-04-29 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-11-28 19:38 - 2011-03-20 20:40 - 00000000 ____D C:\ProgramData\Skype
2016-11-28 19:37 - 2011-03-20 20:40 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2011-06-19 20:08 - 2011-06-19 20:08 - 0001854 _____ () C:\Users\Hans\AppData\Roaming\GhostObjGAFix.xml
2014-01-12 01:44 - 2014-01-12 01:45 - 55694664 _____ (Igor Pavlov) C:\Users\Hans\AppData\Roaming\SUPRAUpdatePaket.exe
2014-01-27 00:16 - 2014-01-28 16:20 - 0000139 _____ () C:\Users\Hans\AppData\Roaming\WB.CFG
2014-01-27 00:16 - 2014-01-28 16:20 - 0000005 _____ () C:\Users\Hans\AppData\Roaming\WBPU-TTL.DAT
2011-03-25 23:20 - 2014-11-01 17:01 - 0001370 _____ () C:\Users\Hans\AppData\Roaming\wklnhst.dat
2012-01-08 18:37 - 2015-08-19 17:43 - 0007598 _____ () C:\Users\Hans\AppData\Local\Resmon.ResmonCfg
2015-03-07 15:09 - 2015-03-07 15:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-03-20 20:42 - 2011-03-20 20:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-03-19 23:18 - 2012-09-15 20:23 - 0004971 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Hans\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\Hans\AppData\Local\Temp\uninst.dll

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-29 03:22

Ran by Hans (administrator) on HP (26-12-2016 12:35:24)
Running from C:\Users\Hans\Desktop\FRST64CODE
Loaded Profiles: Hans (Available Profiles: Hans & Marbella)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
() C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\Private Communications\PRIVATE WiFi\PrivateWiFi.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(© 2015 Microsoft Corporation) C:\Users\Hans\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-17] (Google Inc.)
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [Google Update] => C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-18] (Google Inc.)
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [BingSvc] => C:\Users\Hans\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-12-18] (Siber Systems)
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: F - F:\pushinst.exe
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: {bd328fcb-9d1b-11e0-a5ab-9205c8b1b65b} - L:\ptcwidget.exe
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: {c95a38b6-541e-11e0-9bab-00038a000015} - L:\unlock.exe autoplay=true
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\PROGRA~3\Fast And => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-03-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-08-02]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2016-12-26]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{0A139030-988A-4C2A-B5FD-3F4310FE5301}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F0712D9-332F-4E95-B24F-B1360ECDCEC0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{28611991-9E63-4AAC-89C9-43D22A3DF324}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{299E30CD-576C-419B-93F6-8239956DA413}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6456FE51-6AB2-4C05-9B9E-4C2402539CAB}: [DhcpNameServer] 66.174.71.33 66.174.95.44
Tcpip\..\Interfaces\{7936B5D6-90BA-4A5C-BCC1-F1E14C260FB5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86A2C942-097A-4DFC-A33F-7EB736A8FF7C}: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1
Tcpip\..\Interfaces\{88221D92-98E0-427C-AB1D-81121567033F}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8DD16FC0-FFC4-4201-AE70-6240344B8421}: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {27DEDF55-0D6D-43B1-ACE2-882D2407E616} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enUS445
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {822B8BEE-AD0F-478D-BBF2-7BE9A8C7CA4F} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-18] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-16] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-16] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\0mgktzer.default [2015-08-30]
FF Extension: (Emulator) - C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\0mgktzer.default\Extensions\Navcore.9.151.605385@tomtom.com [2011-08-20] [not signed]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-08-30] [not signed]
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Scendix Software\Fax\Profiles\t825lh6t.default [2015-12-10]
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default [2016-12-25]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Marmiko IT-Solutions GmbH\Browser 7\Profiles\gsljnzx8.default [2015-01-25]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-12-18] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-12-18] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-12-18] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-12-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-12-18]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-12-18]
FF HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-21] [not signed]
FF HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr CHR DefaultSearchKeyword: Default -> NortonSafe CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.) 
CHR Plugin: (Skype Toolbars) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File CHR Plugin: (BrowserPlus (from Yahoo!) 
v2.9.8) - C:\Users\Hans\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC) CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default [2016-12-24] CHR Extension: (Google Drive) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26] CHR Extension: (Norton Home Page for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-24] CHR Extension: (Google Docs Offline) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18] CHR Extension: (Skype) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-20] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-16] CHR Extension: (Norton Safe) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Chrome Media Router) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05] CHR Extension: (RoboForm Password Manager) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-11-13] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-18] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx 
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-08] CHR HKU\S-1-5-21-1318442368-710658752-766906897-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Hans\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-15] CHR HKU\S-1-5-21-1318442368-710658752-766906897-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-18] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-08] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-29] (Advanced Micro Devices, Inc.) [File not signed] R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) 
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3883544 2016-12-22] (devolo AG) R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1029648 2016-11-29] (Garmin Ltd. or its subsidiaries) R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [8274576 2014-10-31] () R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.) R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes) R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4369680 2016-01-22] (Symantec Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-11-08] (WDC) [File not signed] R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060352 2010-11-08] () [File not signed] R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [485376 2010-11-08] () [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 
WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-29] (AVG Technologies) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2013-12-17] (AVM Berlin) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [1874136 2016-12-13] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-12-14] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-12-14] (Symantec Corporation) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] () S3 fwlanusb6; C:\Windows\System32\DRIVERS\fwlanusb6.sys [1327744 2014-03-27] (AVM GmbH) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20161223.002\IDSvia64.sys [1038032 2016-12-13] (Symantec Corporation) R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [176064 2016-12-21] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-26] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-26] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-26] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-26] (Malwarebytes) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) 
[File not signed] S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-07] (CACE Technologies) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [36496 2016-12-22] (Riverbed Technology, Inc.) R3 pwftap; C:\Windows\System32\DRIVERS\pwftap.sys [36736 2013-09-02] (The OpenVPN Project) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2013-02-07] (Realtek Corporation) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-12] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-12] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-12] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-18] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-12] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-12] (Symantec Corporation) S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161214.002\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161214.002\EX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-24 17:43 - 2016-12-22 11:06 - 00295936 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopcap.dll 2016-12-24 17:43 - 2016-12-22 11:06 - 00078336 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopacket.dll 2016-12-24 17:43 - 2016-12-22 11:06 - 00036496 _____ (Riverbed Technology, Inc.) 
C:\Windows\SysWOW64\Drivers\npf_devolo.sys 2016-12-24 15:05 - 2016-12-24 15:05 - 03977168 _____ C:\Users\Hans\Downloads\AdwCleaner_6.041(1).exe 2016-12-24 14:49 - 2016-12-24 14:49 - 00017499 _____ C:\Users\Hans\Desktop\AdwCleaner_6.041(2).exe 2016-12-24 14:33 - 2016-12-24 14:33 - 00039297 _____ C:\Users\Hans\Desktop\AdwCleaner[C0].txt 2016-12-24 14:08 - 2016-12-24 15:21 - 00000000 ____D C:\AdwCleaner 2016-12-24 14:06 - 2016-12-24 14:06 - 03977168 _____ C:\Users\Hans\Downloads\AdwCleaner_6.041.exe 2016-12-24 13:58 - 2016-12-24 13:58 - 00000283 _____ C:\Users\Hans\Desktop\AdwCleaner_6.041.exe.URL 2016-12-23 15:24 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Documents\FRST.txt 2016-12-23 15:24 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Desktop\FRST - Copy.txt 2016-12-23 15:13 - 2016-12-26 12:35 - 00000000 ____D C:\Users\Hans\Desktop\FRST64CODE 2016-12-23 14:34 - 2016-12-26 12:35 - 00000000 ____D C:\FRST 2016-12-23 14:34 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Desktop\FRST.txt 2016-12-23 14:30 - 2016-10-26 16:29 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-12-22 18:49 - 2016-12-22 18:57 - 00002704 _____ C:\Users\Hans\Desktop\Rkill.txt 2016-12-22 18:47 - 2016-12-22 18:48 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Hans\Downloads\rkill.exe 2016-12-21 22:53 - 2016-12-21 22:53 - 54199488 _____ (Malwarebytes ) C:\Users\Hans\Downloads\mb3-setup-cb.NT-3.0.5.1299.exe 2016-12-21 21:34 - 2016-12-21 21:35 - 00001038 _____ C:\Users\Marbella\Desktop\AOL Saved Files.lnk 2016-12-21 21:34 - 2016-12-21 21:35 - 00001038 _____ C:\Users\Hans\Desktop\AOL Saved Files.lnk 2016-12-21 21:34 - 2016-12-21 21:35 - 00000010 _____ C:\Windows\msoffice.ini 2016-12-21 21:34 - 2016-12-21 21:35 - 00000000 ____D C:\Users\Hans\Desktop\AOL Saved PFC 2016-12-21 18:10 - 2016-12-21 18:10 - 00001053 _____ C:\Users\Hans\Desktop\MALWARE REPORT 21122016.txt 2016-12-21 15:05 - 2016-12-26 12:22 - 00102856 _____ (Malwarebytes) 
C:\Windows\system32\Drivers\farflt.sys 2016-12-21 15:05 - 2016-12-26 12:22 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2016-12-21 15:05 - 2016-12-26 12:22 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-12-21 15:05 - 2016-12-21 15:05 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2016-12-21 15:04 - 2016-12-26 12:21 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-12-21 15:04 - 2016-12-23 10:59 - 00001877 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2016-12-21 15:04 - 2016-12-23 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2016-12-21 15:04 - 2016-12-21 15:04 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-21 15:04 - 2016-12-21 15:04 - 00000000 ____D C:\Program Files\Malwarebytes 2016-12-21 15:04 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2016-12-21 14:59 - 2016-12-21 14:59 - 54199488 _____ (Malwarebytes ) C:\Users\Hans\Downloads\mb3-setup-consumer-3.0.5.1299.exe 2016-12-18 16:23 - 2016-12-18 16:23 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-12-18 16:23 - 2016-12-18 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-12-18 16:20 - 2016-12-18 16:20 - 00000000 ____D C:\Program Files\iPod 2016-12-18 15:15 - 2016-12-18 15:15 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360 2016-12-18 15:09 - 2016-12-18 15:09 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2016-12-18 13:11 - 2016-12-22 13:11 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHans 2016-12-18 13:11 - 2016-12-22 13:11 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForHans.job 2016-12-18 12:13 - 2016-12-18 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-14 20:56 - 2016-12-18 15:09 - 00002108 _____ C:\Users\Public\Desktop\Norton 360.lnk 2016-12-14 20:08 - 2016-12-23 10:59 - 00572736 _____ C:\Windows\ntbtlog.txt 
2016-12-14 18:58 - 2016-12-18 15:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2016-12-11 18:21 - 2016-12-11 18:21 - 00033593 _____ C:\Users\Hans\Downloads\SKM_554e16120814300.pdf 2016-12-11 18:19 - 2016-12-11 18:19 - 00681846 _____ C:\Users\Hans\Downloads\Iban Mama Konto.pdf 2016-12-11 18:19 - 2016-12-11 18:19 - 00681846 _____ C:\Users\Hans\Downloads\Iban Mama Konto(1).pdf 2016-12-11 18:08 - 2016-12-11 18:08 - 00071409 _____ C:\Users\Hans\Downloads\82467005_2016_Nr.011_Kontoauszug_vom_30.11.2016_20161211060841.pdf 2016-12-11 15:14 - 2016-12-18 11:51 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2016-12-11 15:14 - 2016-12-18 11:51 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2016-12-11 15:14 - 2016-12-11 15:14 - 00000000 ____D C:\Program Files (x86)\Norton 360 2016-12-10 15:43 - 2016-12-10 15:43 - 00084162 _____ C:\Users\Hans\Downloads\19.pdf 2016-12-10 15:43 - 2016-12-10 15:43 - 00084162 _____ C:\Users\Hans\Downloads\19 (1).pdf 2016-12-10 15:11 - 2016-12-26 12:25 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-12-10 15:10 - 2016-12-10 15:10 - 00002099 _____ C:\Users\Public\Desktop\Norton Online Backup.lnk 2016-12-10 15:10 - 2016-12-10 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup 2016-12-10 15:10 - 2016-12-10 15:10 - 00000000 ____D C:\Program Files (x86)\Symantec 2016-12-10 15:08 - 2016-12-10 15:08 - 12590864 _____ (Symantec Corporation) C:\Users\Hans\Downloads\NortonOnlineBackup.exe 2016-12-10 14:51 - 2016-12-10 14:51 - 00900344 _____ C:\Users\Hans\Desktop\Norton_Removal_Tool.exe 2016-12-10 14:49 - 2016-12-10 14:49 - 00860112 _____ (Igor Pavlov) C:\Users\Hans\Desktop\NortonMountPointRepairExtractor.exe 2016-12-05 22:39 - 2016-12-05 22:39 - 02103882 _____ C:\Users\Hans\Downloads\Instructions_on_setting_up_auto_epay.pdf 2016-12-04 18:13 - 2016-12-04 18:13 - 01615493 _____ 
C:\Users\Hans\Downloads\JotNot_12-03-2016.pdf 2016-12-04 14:38 - 2016-12-04 14:38 - 00361536 _____ C:\Users\Hans\Downloads\kopierer@uni.trier.de_20160825_105307(1).pdf 2016-12-02 17:45 - 2016-12-02 17:45 - 01136903 _____ C:\Users\Hans\Downloads\lika1478120034(1) (1).pdf 2016-12-02 16:05 - 2016-12-02 16:05 - 00001771 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2016-11-27 16:46 - 2016-11-27 16:46 - 00543669 _____ C:\Users\Hans\Downloads\Maria Sozialversicherung - 6 Jan 2015 - 15-49.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-26 12:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2016-12-26 12:32 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-26 12:32 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-26 12:28 - 2009-07-14 06:13 - 00006230 _____ C:\Windows\system32\PerfStringBackup.INI 2016-12-26 12:24 - 2015-08-15 18:15 - 00000000 ___RD C:\Users\Hans\Google Drive 2016-12-26 12:21 - 2013-06-08 16:26 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2016-12-26 12:21 - 2013-05-31 19:22 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2016-12-26 12:20 - 2013-02-02 22:36 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-12-26 12:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-26 12:19 - 2009-07-14 05:45 - 00355656 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-26 03:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2016-12-26 03:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism 2016-12-26 03:17 - 2012-07-26 23:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-25 19:03 - 2011-02-15 03:38 - 00000000 ____D C:\ProgramData\PDFC 
2016-12-25 15:37 - 2016-11-22 20:03 - 00000000 ____D C:\Users\Hans\AppData\LocalLow\Mozilla 2016-12-25 15:03 - 2011-04-17 01:02 - 00000000 ____D C:\Users\Hans\AppData\Local\CrashDumps 2016-12-24 17:46 - 2016-02-17 09:53 - 00000000 ____D C:\Program Files (x86)\devolo 2016-12-24 14:15 - 2011-04-22 16:07 - 00000000 ____D C:\Users\Hans\AppData\LocalLow\Yahoo! 2016-12-24 14:02 - 2014-03-15 23:48 - 00000000 ____D C:\Users\Hans\Documents\Snipping Tool 2016-12-24 14:00 - 2015-07-31 10:07 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2016-12-22 18:36 - 2015-03-08 09:55 - 00000000 ____D C:\Users\Hans\Downloads\PL2303_Prolific_DriverInstaller_v1_10_0_20140925 2016-12-22 18:15 - 2014-04-08 00:52 - 00000000 ____D C:\Users\Hans\AppData\Local\TB 2016-12-22 16:04 - 2014-11-06 00:43 - 00000000 ____D C:\Program Files\Wondershare 2016-12-21 21:55 - 2011-03-19 22:25 - 00000000 ____D C:\ProgramData\AOL Downloads 2016-12-21 21:36 - 2011-03-19 22:32 - 00000000 ____D C:\Users\Hans\AppData\Local\AOL 2016-12-21 21:35 - 2014-09-27 18:03 - 00000000 ____D C:\Users\Public\Documents\AOL Downloads 2016-12-21 21:35 - 2011-03-19 22:34 - 00000000 ____D C:\Users\Hans\AppData\Roaming\AOL 2016-12-21 21:35 - 2011-03-19 22:31 - 00000000 ____D C:\ProgramData\AOL 2016-12-18 16:23 - 2014-03-15 15:35 - 00000000 ____D C:\Program Files\iTunes 2016-12-18 16:20 - 2011-04-17 01:09 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-12-18 15:09 - 2015-05-09 15:53 - 00000000 ____D C:\Windows\system32\Drivers\N360x64 2016-12-18 15:05 - 2016-10-15 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-12-18 13:18 - 2012-07-26 23:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-12-18 13:18 - 2012-04-09 23:04 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-12-18 13:18 - 2011-05-14 22:11 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-18 13:17 - 2011-10-23 02:51 - 
00000000 ____D C:\Windows\system32\Macromed 2016-12-18 13:17 - 2011-02-15 03:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-12-18 11:59 - 2016-04-09 14:26 - 00004130 _____ C:\Windows\System32\Tasks\Open URL by RoboForm 2016-12-18 11:59 - 2012-06-15 21:37 - 00003478 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon 2016-12-18 11:59 - 2011-10-17 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm 2016-12-18 11:59 - 2011-08-23 02:47 - 00002070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-18 11:59 - 2011-08-23 02:47 - 00002058 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00001929 _____ C:\Users\Public\Desktop\Google Slides.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00001927 _____ C:\Users\Public\Desktop\Google Sheets.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00001917 _____ C:\Users\Public\Desktop\Google Docs.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-12-18 11:38 - 2015-08-15 17:35 - 00003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000UA 2016-12-18 11:38 - 2015-08-15 17:35 - 00003230 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000Core 2016-12-18 11:38 - 2011-08-17 23:29 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-18 11:38 - 2011-08-17 23:29 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-18 11:27 - 2009-07-14 06:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-12-14 20:42 - 2011-09-04 17:52 - 00000000 ____D C:\Users\Hans\AppData\Local\NPE 2016-12-14 20:28 - 2015-12-22 13:03 - 00000000 ____D C:\NPE 2016-12-12 21:48 - 2011-02-15 03:52 - 00000000 ____D C:\ProgramData\Norton 2016-12-12 21:47 - 2015-05-09 15:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2016-12-11 17:28 - 
2011-02-15 03:51 - 00000000 ____D C:\Program Files (x86)\NortonInstaller 2016-12-10 16:41 - 2011-08-17 23:29 - 00000000 ____D C:\Users\Hans\AppData\Local\Google 2016-12-10 10:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2016-12-04 22:57 - 2011-03-20 20:41 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Skype 2016-12-04 18:14 - 2012-10-03 23:52 - 00000000 ____D C:\Users\Hans\Documents\Marbella 2016-12-02 17:17 - 2011-04-23 15:43 - 00000000 ____D C:\Users\Hans\Documents\My Scans 2016-12-02 16:07 - 2015-07-26 18:07 - 00000000 ____D C:\ProgramData\Package Cache 2016-12-02 16:06 - 2015-07-26 18:14 - 00000000 ____D C:\Program Files (x86)\Garmin 2016-12-02 16:05 - 2016-09-25 12:21 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2016-12-02 16:05 - 2016-04-29 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2016-11-28 19:38 - 2011-03-20 20:40 - 00000000 ____D C:\ProgramData\Skype 2016-11-28 19:37 - 2011-03-20 20:40 - 00000000 ___RD C:\Program Files (x86)\Skype ==================== Files in the root of some directories ======= 2011-06-19 20:08 - 2011-06-19 20:08 - 0001854 _____ () C:\Users\Hans\AppData\Roaming\GhostObjGAFix.xml 2014-01-12 01:44 - 2014-01-12 01:45 - 55694664 _____ (Igor Pavlov) C:\Users\Hans\AppData\Roaming\SUPRAUpdatePaket.exe 2014-01-27 00:16 - 2014-01-28 16:20 - 0000139 _____ () C:\Users\Hans\AppData\Roaming\WB.CFG 2014-01-27 00:16 - 2014-01-28 16:20 - 0000005 _____ () C:\Users\Hans\AppData\Roaming\WBPU-TTL.DAT 2011-03-25 23:20 - 2014-11-01 17:01 - 0001370 _____ () C:\Users\Hans\AppData\Roaming\wklnhst.dat 2012-01-08 18:37 - 2015-08-19 17:43 - 0007598 _____ () C:\Users\Hans\AppData\Local\Resmon.ResmonCfg 2015-03-07 15:09 - 2015-03-07 15:09 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-03-20 20:42 - 2011-03-20 20:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2011-03-19 23:18 - 2012-09-15 20:23 - 0004971 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== 
C:\Users\Hans\AppData\Local\Temp\RoboForm-Setup.exe C:\Users\Hans\AppData\Local\Temp\uninst.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-29 03:22 |
26.12.2016, 13:43 | #6 |
/// TB Trainer /// Guide Guru | Adware.1Clickdownload in the registry file Is it so hard to read the instructions? Addition.txt is still missing, and please post it in code tags. |
26.12.2016, 14:14 | #7 |
| Adware.1Clickdownload in the registry file Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016 Ran by Hans (26-12-2016 14:01:45) Running from C:\Users\Hans\Desktop\FRST64CODE Windows 7 Home Premium Service Pack 1 (X64) (2011-03-17 02:01:40) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1318442368-710658752-766906897-500 - Administrator - Disabled) Guest (S-1-5-21-1318442368-710658752-766906897-501 - Administrator - Disabled) Hans (S-1-5-21-1318442368-710658752-766906897-1000 - Administrator - Enabled) => C:\Users\Hans HomeGroupUser$ (S-1-5-21-1318442368-710658752-766906897-1002 - Administrator - Enabled) Marbella (S-1-5-21-1318442368-710658752-766906897-1004 - Administrator - Enabled) => C:\Users\Marbella ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton 360 Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton 360 Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Acronis Universal Boot Media Builder (HKLM-x32\...\{8FAB072E-6028-4BCD-A6CD-D179E4860073}) (Version: 11.5.38938 - Acronis) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{3A477F94-D551-17B2-26A5-7AD895F6C8BA}) (Version: 3.0.804.0 - ATI Technologies, Inc.) ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.) 
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin) Bing Bar (HKLM-x32\...\{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}) (Version: 7.0.614.0 - Microsoft Corporation) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden C309a (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden calibre (HKLM-x32\...\{B5BF7B43-E13D-4A76-9F8F-E933817131EC}) (Version: 0.8.63 - Kovid Goyal) ccc-core-static (x32 Version: 2010.1228.2239.40637 - ATI) Hidden Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.2.0 - devolo AG) DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden Elevated Installer (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden Fax (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Garmin City Navigator Europe NTU 2017.10 (HKLM-x32\...\{081E9129-B930-41D5-832A-AD01B4B7B164}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{00bf033c-5ade-400f-a174-be74932eebc6}) (Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.10.5 - Siber Systems) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google) Google Photos Backup (HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard) HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard) HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard) HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 
5 (HKLM\...\{71C4F928-136A-4222-A191-310E081FB96B}) (Version: 14.0 - HP) HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.34.7 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.) iMazing 1.2.3.0 (HKLM\...\iMazing_is1) (Version: 1.2.3.0 - DigiDNA) iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.) 
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe) Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Streets & Trips 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.18.2200 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) 
(HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Norton 360 Online (HKLM-x32\...\N360) (Version: 22.8.1.14 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.3.20 - Symantec Corporation) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) OneTouch(R) Software v2.3.3 (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version: - ) Open eCard App (HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Open eCard App) (Version: - ecsec GmbH) PamFax (HKLM-x32\...\{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1) (Version: 3.4.6.11 - Scendix Software GmbH) PamFax Office Integration (x32 Version: 1.0.2 - Scendix Software GmbH) Hidden PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery) Photo Transfer App (HKLM-x32\...\com.erclab.air.phototransferapp) (Version: 2.1.0 - UNKNOWN) PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.) 
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.10.0 - Prolific Technology INC) Play Wireless USB Adapter (HKLM-x32\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin) Play Wireless USB Adapter (x32 Version: 1.0.0.03 - Belkin) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.) PRIVATE WiFi (HKLM-x32\...\PRIVATE WiFi) (Version: 4.0 - Private Communications) PRIVATE WiFi (x32 Version: 4.0 - Private Communications) Hidden PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden Quicken WillMaker Plus 2013 (HKLM-x32\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink) Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.3 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.) Realtek PCI Fast Ethernet Controller Driver For Vista and Win7 (HKLM-x32\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 1.00.0005 - Realtek) Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) 
Hidden Renee Undeleter 2014.10.22.00 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.10.22.00 - Rene.E Laboratory) RoboForm 7-9-25-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-25-5 - Siber Systems) Rosetta Stone Ltd Services (HKLM-x32\...\{FFF186B6-4D02-4D8D-A776-C43E062E01A9}) (Version: 3.2.18 - Rosetta Stone Ltd.) RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden supra IPCam (HKLM-x32\...\{0F951D9B-4239-4667-9DAF-EECC086EDCC4}) (Version: 1.5.1.0 - SUPRA Foto-Elektronik-Vertriebs-GmbH) TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Unity Web Player (HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) WD SmartWare (HKLM\...\{B6FD23F0-1047-4088-94BF-B137D4D17CD8}) (Version: 1.4.3.4 - Western Digital) WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden WePrint (HKLM-x32\...\WePrint) (Version: - EuroSmartz Ltd) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {184EEF5E-9468-D082-087F-3FE985889A47} => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1F615683-9468-D082-D5C6-10EE85889A47} => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {4193C6FE-9468-D082-A856-E2B085889A47} => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {43941B6A-9468-D082-3C8B-E5B285889A47} => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {10796713-0063-4B32-8A78-B873BE77DBA6} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {1D64FB75-D943-431B-8835-52AF96666BF1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-18] (Adobe Systems Incorporated) Task: {33FB46C3-E657-4A0C-A4EA-076217270422} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{7CEE726A-56A1-490D-8C84-55315C9435CB}.exe <==== ATTENTION Task: {36B3B5A3-A9FB-427C-9B05-5B42A39326A0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {37488BD0-A007-4EA2-881F-566B0926B979} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{2EB2CF9B-E7A1-4062-8C97-868377C31D43}.exe <==== ATTENTION Task: {3EF96DF7-9ACB-4F67-95CD-D967ADB86C1E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation) Task: {4692F4C2-9431-44A6-AD2B-44AC430CD24D} - System32\Tasks\{48B7BDFC-4CCB-4967-83DA-356ED166156E} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?LastError=1618 Task: {52892579-15E1-46BF-A782-D9F7321A4D49} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\WSCStub.exe [2016-11-12] (Symantec Corporation) Task: {5552584A-E003-444A-8C81-6ADEC538FFA5} - System32\Tasks\HP Photosmart 7520 series.exe_{75631CDB-012B-4DDA-B018-BB4C139E8D2F} => C:\Program Files\hp\HP Photosmart 7520 series\Bin\HP Photosmart 7520 series.exe [2012-10-17] (Hewlett-Packard Co.) 
Task: {578D6C45-32CD-4CAB-ABC3-8C34897D9E3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {594D6F95-94C2-478E-8109-DB0C8136B92E} - System32\Tasks\VpnClientLaunch => C:\Program Files (x86)\Private Communications\PRIVATE WiFi\PrivateWiFi.exe [2014-01-20] () Task: {601A49B6-54FD-4C59-B918-D153D2915839} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.) Task: {616F185A-B7F2-4AD0-8418-CEFF822D3BB8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {6F1B8354-29CA-4F27-8B95-8C5CE7B30CD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {71C7F787-9A42-4DB7-ACFC-59F94CD02061} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-11-29] () Task: {76231766-30CB-4577-BECF-DAC5BC0C37B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000Core => C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) 
Task: {76B2B6C3-D7EC-48E9-B271-056732D9F7D1} - System32\Tasks\{7795B30C-C068-4F9C-8BC4-4CEE68A47344} => pcalua.exe -a E:\Setup.exe -d E:\ Task: {7AD87218-9570-491B-BA68-A6D97A15E288} - System32\Tasks\{FBAB3ECF-D9EC-40EF-8224-753AD38A84DC} => pcalua.exe -a E:\setup.exe -d E:\ Task: {7B151E5C-BD82-46CD-9804-DE7F66875ED7} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation) Task: {81D9A4BD-8188-4555-8A57-44DD59A356BA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {8DF7292E-F875-4FD7-BAF7-8694BB7B57EF} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-12-18] (Siber Systems) Task: {8F01EF67-BA83-4338-ABDB-F3143D3B32C4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {8F9103A3-46B4-422D-8E1A-9DE1213E59D1} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKJJJKJOJMMKJHMGMCNJJOMKMNMCNLMJJLMLJCNGMMMJMJJCNMJPMKJGMPMIMOMNMMJKMLMPMJNJICMIMCNNMCNHMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMOMJNHICMEKMICNJJCKJNBJCMHLOJBJMIJNKJCMJNNICMJNDJCMKJBJ" Task: {92534D16-4566-4109-B0BF-42E6854A5877} - System32\Tasks\ScanToPCActivationApp.exe_{4BA910AC-329C-447C-9265-D8D3D53A007A} => C:\Program Files\hp\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.) 
Task: {95275872-6AE6-457D-9C69-AED33FD28FF7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {A06DBFEF-4C35-4C3D-9CDF-D06F24E262B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PendingActionAlert => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\PendingActionAlert.exe [2016-07-26] (HP Inc.) Task: {A7B9BEFE-AAE8-4123-8E9D-697D5D7F8E12} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000UA => C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {B0E58F43-5085-450C-B1DB-18E1A581A93A} - System32\Tasks\{A0B13255-1DE7-4900-BFDE-653A9A60E784} => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {B6028358-8582-4B28-9071-0A5AB67A9F64} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {BDA060FD-B377-4E5E-AE68-325E00F011FB} - System32\Tasks\VpnClientStartOnLogon => C:\Program Files (x86)\Private Communications\PRIVATE WiFi\PrivateWiFi.exe [2014-01-20] () Task: {BF20C3DC-72F5-4FB2-B5D3-457B81B7E804} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.) Task: {C12EA1EF-DEDB-4241-8A86-DA39962AB73A} - System32\Tasks\{DF630C77-236D-4DF0-9676-E27EC49CCEEE} => pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe" Task: {C6213C5C-987B-44E5-9392-0FC86DDE1600} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.) 
Task: {C9E872E2-9128-46E4-A055-04435B211672} - System32\Tasks\HPCeeScheduleForHans => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D092708F-5013-44A1-B89B-EADF301BFDD7} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Online\Upgrade.exe [2016-11-12] (Symantec Corporation)
Task: {D3A2B05D-CD71-435A-BC9E-6E410B8FDBFC} - System32\Tasks\{4F7D4B18-7E66-4B2A-B698-17038513F71D} => pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G51NILFA\XvidSetup[1].exe" -d C:\Users\Hans\Desktop
Task: {DF7002FE-D642-4CA8-AE97-FD83082107B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-31] (HP Inc.)
Task: {ECE71B23-7990-473B-97D5-6787418482D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {EDDC7943-918B-43C8-A542-5EA25A8F12AD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {F015E1A3-CF4B-4D60-89F2-925385605106} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F0F8B06E-E38B-475C-B919-9A33937A6804} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKJJJKJOJMMKJHMGMCNJJOMKMNMCNLMJJLMLJCNGMMMJMJJCNMJPMKJGMPMIMOMNMMJKMLMPMJNJICMIMCNGMCNNMKMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMPMGMMMJNHICMMJBJKJLIMJJNBJCMHLOJBJMIPNNKKJGJLIKJNIJNKJCMJNNICMJNDJCM (the data entry has 61 more characters).
Task: {FB3E8DB3-828A-457E-A888-162E9154651D} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-12-18] (Siber Systems)
Task: {FB5D686E-1980-4C7E-805A-0F8D6051895A} - System32\Tasks\ScanToPCActivationApp.exe_{023EC9AC-55C9-4501-9299-EE3D85F55D67} => C:\Program Files\hp\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {FC7F25CE-B4A2-4A88-9254-DD1633BC1A60} - System32\Tasks\{5662C7CD-9A6D-468B-B1DE-D2EF1D703F6C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.5.0.124/en/go/help.faq.installer?LastError=1603
Task: {FFD0B41E-20EC-44F7-922C-9D95BA90C03F} - System32\Tasks\{8611CA82-0EBD-4FF1-84EF-EA5C3E8377E3} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{2EB2CF9B-E7A1-4062-8C97-868377C31D43}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{7CEE726A-56A1-490D-8C84-55315C9435CB}.exe <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForHans.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open eCard\Open eCard App.lnk -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\javaws.exe (Oracle Corporation) -> -localfile -offline -J-Djnlp.application.href=hxxp://jnlp.openecard.org/openecard.jnlp "C:\Users\Hans\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\40b8c089-2c4aa136"

==================== Loaded Modules (Whitelisted) ==============

2012-07-28 15:35 - 2005-03-12 05:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-31 16:29 - 2014-10-31 16:29 - 08274576 _____ () C:\Program Files\Siber Systems\GoodSync\gs-server.exe
2010-11-08 16:43 - 2010-11-08 16:43 - 01060352 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2010-11-08 16:43 - 2010-11-08 16:43 - 00485376 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2009-12-28 23:25 - 2009-12-28 23:25 - 00036864 ____N () C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
2010-12-29 03:49 - 2010-12-29 03:49 - 00079872 _____ () C:\Program Files\ATI
Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll 2016-12-21 15:04 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-12-21 15:04 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-12-21 15:04 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2014-01-20 12:39 - 2014-01-20 12:39 - 01776104 _____ () C:\Program Files (x86)\Private Communications\PRIVATE WiFi\PrivateWiFi.exe 2010-09-15 19:31 - 2010-09-15 19:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2010-12-29 03:50 - 2010-12-29 03:50 - 00101888 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2010-04-12 21:59 - 2010-04-12 21:59 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2016-11-29 13:41 - 2016-11-29 13:41 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll 2010-03-05 14:24 - 2010-03-05 14:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll 2016-12-26 12:23 - 2016-12-26 12:23 - 00098816 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32api.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00110080 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\pywintypes27.dll 2016-12-26 12:23 - 2016-12-26 12:23 - 00364544 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\pythoncom27.dll 2016-12-26 12:23 - 2016-12-26 12:23 - 00320512 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32com.shell.shell.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00914432 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_hashlib.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 01176576 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._core_.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00806400 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._gdi_.pyd 2016-12-26 
12:23 - 2016-12-26 12:23 - 00816128 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._windows_.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 01067008 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._controls_.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00733184 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._misc_.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00682496 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\pysqlite2._sqlite.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00088064 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_ctypes.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00686080 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\unicodedata.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00119808 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32file.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00108544 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32security.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00007168 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\hashobjs_ext.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00017920 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\thumbnails_ext.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00088064 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\usb_ext.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00012800 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\common.time34.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00018432 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32event.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00167936 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32gui.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00046080 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_socket.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 01303552 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_ssl.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00128512 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_elementtree.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00127488 ____R () 
C:\Users\Hans\AppData\Local\Temp\_MEI45842\pyexpat.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00038912 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32inet.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00036864 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_psutil_windows.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00524248 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\windows._lib_cacheinvalidation.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00011264 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32crypt.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00123392 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._wizard.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00077312 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._html2.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00027648 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_multiprocessing.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00020480 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_yappi.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00035840 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32process.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00078848 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._animate.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00024064 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32pipe.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00010240 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\select.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00025600 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32pdh.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00017408 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32profile.pyd 2016-12-26 12:23 - 2016-12-26 12:23 - 00022528 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32ts.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [110]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [146]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [226]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-10-21 16:30 - 00000828 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1318442368-710658752-766906897-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Photosmart 7520 series (NET) => "C:\Program Files\hp\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH47U711DG05YY:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B927DAF-DFCE-4F2C-BD25-F68977B0C822}] => c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE FirewallRules: [{A1C28D32-01CF-4D65-9F0A-135CC66414EE}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe FirewallRules: [{5F211B78-4806-4520-BEC0-94C68FF4296E}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe FirewallRules: [{F3396345-4776-4A31-87A3-67160454DAC7}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe FirewallRules: [{502E4A0D-1381-4735-97B3-498D2844A38C}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe FirewallRules: [{9E74DF6D-1E1C-4F93-9741-20C444581E7C}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe FirewallRules: [{17E76C50-54F8-453E-85AE-B80FEFBBD089}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe FirewallRules: [{6B3404CE-10EB-45B0-8E83-E16E1280C44D}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe FirewallRules: [{8CE814F9-EF98-456B-AB51-EAB0287DF2E8}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe FirewallRules: [{24852412-F02A-46FF-8D07-D37526D6F59B}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe FirewallRules: [{68D7AF91-8E5D-46CC-8A0C-73E1A7BAEF23}] => C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{F9B15431-9A4D-46B2-A3C1-5176F5D6F4E6}] => C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{34EFA4DF-1952-485C-A0B7-D89BD62132A6}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{FAD4DB23-C1BD-494D-9D6C-95BC498CBEE3}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{00E46BAC-0243-427D-A2D3-DF73F8F5370A}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{9F2AC7B9-E970-45B8-A69F-ECC21372A14C}] => LPort=2869 FirewallRules: 
[{6113AAF1-7812-42B7-8DAB-B8D78AC6C2AC}] => LPort=1900 FirewallRules: [{DA867B80-D4C3-43DE-AF06-FAA4C156D4BA}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{CF9C63C2-8ACD-478A-9DB5-13BA17762A74}] => C:\Windows\System32\migwiz\migwiz.exe FirewallRules: [{6B033669-6A0D-4F87-9B12-62850DF1C768}] => C:\Windows\System32\migwiz\migwiz.exe FirewallRules: [{B154CBD0-CA22-4DD2-A41C-C07BEC55A8CE}] => LPort=7000 FirewallRules: [{E2C0C286-949C-4053-ABF1-CE8D16F4D884}] => LPort=7000 FirewallRules: [{22FBEA7F-DF03-455F-8DD8-4EC2F9C21CF0}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe FirewallRules: [{88AF6575-EA88-441D-9B86-A6682F20596A}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe FirewallRules: [{93A13917-26B2-4AC5-B9E5-AA86F55299D5}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe FirewallRules: [{BFAEF415-2E1D-4550-A5DA-1643937C7500}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe FirewallRules: [{759F96A9-71D8-47ED-813C-1D71740025B4}] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe FirewallRules: [{D520EA39-6045-4281-AC80-03BBE80574E1}] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe FirewallRules: [{CC2EC28A-6496-40B2-B612-07E0583AE75C}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe FirewallRules: [{61FDF4D2-BB4F-45A4-A13B-223BFDC79C38}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe FirewallRules: [{D395B590-70EC-4F83-97DB-F8E282445BBF}] => E:\setup\hpznui40.exe FirewallRules: [{EB5E634D-ED2B-4EC9-95A7-7B5679121951}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{180AD2E0-4620-4054-BD81-9DCE13FB1EA2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{C7A4FB00-5AF1-4F87-8F61-82F01F0D9436}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{B478AF90-08E6-4CD9-A706-0F0DBDD51BD3}] => C:\Program Files 
(x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{4A4D1778-634F-47FF-932C-20A33C53E2DA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{30A2D92D-C852-4FC0-85E7-74AA54A4C5F6}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{B3139F3A-462C-447D-B24F-B3006F74EE74}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{8CC1D82A-E6D2-4082-8CDB-174D4019F181}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{BF470B00-1657-452D-AAF2-B99104335B0D}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{BC267491-14E8-4811-A29B-FDF0F61ABD06}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{EDE520CA-923E-4680-BD9F-D107092D2784}] => C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe FirewallRules: [{4CE243B7-53F9-451A-8D6C-5FD8EF13C754}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe FirewallRules: [{09479FCE-6A39-4B8C-99F8-425DF1C8D6C4}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe FirewallRules: [{F02A23BE-14BA-4764-B50C-39FEBF4E9017}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{9599CC0D-B86A-4FC9-BBF2-FD7CC9FAE43B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{AB65FD74-974F-49C9-9001-14F8B87136C5}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe FirewallRules: [{9337B610-9BEE-4AA9-862C-C7D78E8B8C65}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{4281D062-9C27-4853-9EAE-EF3C87E3749E}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{1E1FA6BC-1717-4573-AC2A-5336FB2712A5}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{3797AB00-53F9-4472-B799-41804B0FF9D7}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: 
[{4F37005B-0006-4E57-A487-4BCA1D9C8B24}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{453FA267-AF96-4831-B6FD-582138F83602}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{41EF8723-B17E-4487-8B2F-EA9F0181C440}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{D1A2738B-8429-40F5-9439-94AC23209D2C}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{6BFD34FF-8F02-439D-9DC2-429EAD435CD8}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{59784776-35F7-420B-8D6B-763EE93C369E}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6444BA93-958D-495E-AD2F-F9234D8B8C94}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{2DB624DF-3689-4222-8F0E-652F30D7919D}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{611D522F-1CF6-4B27-9321-4BBA6DBCE56E}] => LPort=33333 FirewallRules: [{ADBB3635-95CF-41B4-B841-7E70046A5066}] => LPort=33338 FirewallRules: [{78BE71AE-2DD9-4D58-BAB7-6BE02F4CE1AC}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe FirewallRules: [{DDBD963B-E0B5-4ADA-89D2-2EA2AD6A62DF}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe FirewallRules: [{C5D4757A-4B13-4FB5-8F53-B81AEDE555AE}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe FirewallRules: [{4B78EE78-7812-4CA5-8E46-5ADC4E116161}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe FirewallRules: [{AEC539C9-429D-4ED5-91B5-31A87F05676C}] => C:\Program Files\Siber Systems\GoodSync\GoodSync.exe FirewallRules: [{F3E7BDEB-17C8-4063-8480-0434CC97051A}] => C:\Program Files\Siber Systems\GoodSync\GoodSync.exe FirewallRules: [{8ACE0C8A-7173-4888-A6F5-2BD371FCF320}] => C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe FirewallRules: [{74F787BC-13A3-4F55-879E-E7AD3AA5CD4C}] => C:\Program Files\Siber 
Systems\GoodSync\GsExplorer.exe FirewallRules: [{63ADB218-1C1A-4D12-8151-41F9FA2915B1}] => C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe FirewallRules: [{8EB3FCB6-D35A-4821-94D9-4D1CEA1322C5}] => C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe FirewallRules: [{1D9F55C6-A5E9-4CC3-BE22-B05CC91F7621}] => LPort=33333 FirewallRules: [{7C1614EB-E823-47CB-8177-F1DA7CFE00B5}] => LPort=33338 FirewallRules: [{C0C57ED3-8143-46E0-91BF-7C08B755CA3F}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe FirewallRules: [TCP Query User{FF517BA2-073C-4D3E-A510-5D8F0177E182}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [UDP Query User{019AD8FF-62E7-4795-B173-92950F318D9C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [{A17B629F-604E-48AD-97EB-451D1B8BDE4E}] => C:\Program Files (x86)\AOL Desktop 9.7\waol.exe FirewallRules: [{DBE84E9C-20E0-4CB9-AFF1-88A45F1ACE8A}] => C:\Program Files (x86)\AOL Desktop 9.7\waol.exe FirewallRules: [{350A5AF2-15DD-4FA6-B072-A333775D6210}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{4873896C-8678-4963-B6CF-D08B084FB3EA}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{065976BC-ABB8-4912-B08C-F43867B250EC}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe FirewallRules: [{533B12ED-34C6-4F59-B26D-EA6B4D8A8EC5}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe FirewallRules: [{E2599F82-5CA8-418D-98F2-A47FCE9ADA79}] => C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe FirewallRules: [{F81183B9-13DB-4A73-8068-9AE47618CBAB}] => C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe FirewallRules: [TCP Query User{DF165520-B0F3-437C-9D09-54E3A69CBA69}C:\program files (x86)\netgear 
genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [UDP Query User{353F0AFC-9400-445E-AEE5-9DCAEB2FA406}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [{5DBE31DB-528F-4443-9CCA-B2B7565227F3}] => C:\Users\Hans\AppData\Local\Temp\n4271\pcspeedmaxZS_1104-25a46bad.exe FirewallRules: [{42023997-578B-487D-BABB-B6D5DF92C39D}] => C:\Users\Hans\AppData\Local\Temp\file_3867818096.exe FirewallRules: [{75C32C37-89C6-4936-930D-C867E8AAB6D3}] => C:\Users\Hans\AppData\Local\Temp\file_145719.exe FirewallRules: [{8728D82D-0B89-452C-BADA-61022DEE29A6}] => c:\program files\pcreg\pcreg.exe FirewallRules: [{9D1D88CB-DDA2-4EA0-B1FB-E9CD71D4FC3B}] => c:\program files\pcreg\pcreg.exe FirewallRules: [{BE0E1BB8-C84B-4AF6-95AE-C86DB501B2A7}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe FirewallRules: [{5AB3BF2B-5759-4C0E-AD6D-03A62B2D0386}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe FirewallRules: [{DADCA7A5-1B65-40F1-8D63-C1CAEF50EAC8}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe FirewallRules: [{DBA436D7-5BE2-444F-BD3B-21FBF480B708}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe FirewallRules: [{F0B9A282-1EAA-47C6-84FD-0DBC58A155E3}] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe FirewallRules: [{3E7643BC-E28E-4569-BFAF-26A418151768}] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe FirewallRules: [{C1576596-1E82-464E-8F75-5A9A02B1F73B}] => C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe FirewallRules: [{2424075F-9A5B-424D-8629-776FA11EB4D5}] => C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe FirewallRules: [{653D3B0A-256A-4F7E-8A4F-8D6E90EBE3EC}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe FirewallRules: [{A52EA545-EB3E-49D5-AB1E-F86E199F241B}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe 
FirewallRules: [{F9F8C7DA-5B4E-407E-AAEB-412593207866}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{DCB64971-6192-4642-B944-A1ED9F336E17}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{F2EDD4FC-E773-4EF8-9010-4115B2322A12}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe FirewallRules: [{5B87472F-BE20-46DF-B1FF-3CBC6AD19305}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe FirewallRules: [{1B5E254E-6B36-4DCC-ABF4-D4875D4BF482}] => C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe FirewallRules: [{F7E8D3B3-4EB4-4789-8000-2CFF3E30BD5A}] => C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe FirewallRules: [{6CC2633E-516F-4AD3-AB1A-76B1CC4E541B}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{6C5D4FA8-A3C6-4525-8F55-8333992ED456}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{F30EE7F7-EA01-4B5C-A713-FD5D5578ADED}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{A5CFBA9F-63EB-400D-A9B5-367B8005F3EE}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{F7EE638A-14BF-4E33-B89D-BB982C5BC7C4}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{38AFCB99-E320-4D38-BF28-92A393CCBB09}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{08086B1B-AED1-4102-BF99-FCE35900652B}] => C:\Program Files\Siber Systems\GoodSync\GoodSync.exe FirewallRules: [{BBAB1D2C-00F7-43F8-A3DB-E13D04DA9693}] => C:\Program Files\Siber Systems\GoodSync\GoodSync.exe FirewallRules: [{8F32E41D-4FC0-4235-A879-6F90CBFB7866}] => C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe FirewallRules: [{7C17EDD8-F860-4C81-8F73-AC8EB89150D4}] => C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe FirewallRules: 
[{E7DAFA31-0BAA-44C4-A368-B262CEE8DBF2}] => C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe FirewallRules: [{C62EF99B-7F02-408C-938A-FECB5F4E417B}] => C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe FirewallRules: [{21A373FA-6487-43F0-84FF-32191392391C}] => C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe FirewallRules: [{17D34BE7-F121-4C87-8AF3-BAB6CCADDE60}] => C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe FirewallRules: [{DA3FCCA5-4A8A-484A-837D-CFCB8E4B05CE}] => C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe FirewallRules: [{E3AAD905-50F9-4BE4-B677-D467B898C5CF}] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe FirewallRules: [{A3F837D4-38C0-462F-86CC-836B338F6B36}] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{3D933E17-4B25-4EAC-B501-96EF3D106CF9}] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{B7EE5104-2E69-4338-87AB-F306C820ED87}] => C:\Users\Hans\AppData\Local\Temp\7zS1508\HPDiagnosticCoreUI.exe FirewallRules: [{906CC24D-2060-48F7-BF12-F34D1924858F}] => C:\Users\Hans\AppData\Local\Temp\7zS1508\HPDiagnosticCoreUI.exe FirewallRules: [{6693F6F2-7439-4C3B-B9E4-AF1B3DC3CAF5}] => C:\Users\Hans\AppData\Local\Temp\7zS1FA1\HPDiagnosticCoreUI.exe FirewallRules: [{29128CDC-C1C1-4234-AC9C-181A52596E8B}] => C:\Users\Hans\AppData\Local\Temp\7zS1FA1\HPDiagnosticCoreUI.exe FirewallRules: [{D441C43E-9E8C-4860-B0DD-E876FF7B8948}] => C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe FirewallRules: [{824827C4-F80F-498D-8714-95D678727452}] => C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe FirewallRules: [{039DD50C-8630-49CD-B8B7-CAEAB5F908C2}] => E:\fsetup.exe FirewallRules: [{2C51A707-78B8-4BAC-AF35-BB34848AEC29}] => E:\fsetup.exe FirewallRules: [{13F5404A-0B96-4B91-B713-34177D4F23B8}] => E:\fsetup.exe FirewallRules: [{E272059B-562E-47C0-A0FB-0E9A662661E7}] => E:\fsetup.exe 
FirewallRules: [{FE2C5FB1-4A6A-4088-BDC1-D19698D753BA}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BE8BBA40-1A6A-4996-AA31-7AD8D94EA09A}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FACC4394-83FE-4355-9B8B-461115B6DCEA}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3FD66863-FBAB-4693-80E4-E00E4D8C4FD4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EE6E888E-4EE1-422B-96E7-204A330C7CF5}] => C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe FirewallRules: [{92DB00E6-983E-4E86-A058-410627D7C878}] => C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe FirewallRules: [{C116874D-5C0F-47A3-A4B6-94278AAAE96E}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{4EFBBAD5-ED29-4CC0-90BB-5E36B49A0AD4}] => C:\Users\Hans\AppData\Local\Temp\7zS31BA\HPDiagnosticCoreUI.exe FirewallRules: [{97E0B121-C82E-4BC2-928E-55DAEE110AE3}] => C:\Users\Hans\AppData\Local\Temp\7zS31BA\HPDiagnosticCoreUI.exe FirewallRules: [{79280998-C664-4387-823A-32BB99E5A6E6}] => C:\Users\Hans\AppData\Local\Temp\7zS32AF\HPDiagnosticCoreUI.exe FirewallRules: [{A5045754-BD6B-41D4-B938-FDFDE3B871E6}] => C:\Users\Hans\AppData\Local\Temp\7zS32AF\HPDiagnosticCoreUI.exe FirewallRules: [{6D2F1F15-3C0E-42D6-AE20-D6008A8E6208}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{D9274A63-63A2-4CA9-B019-EE4F3E7AB58D}] => C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe FirewallRules: [{68258B38-E401-4D62-819C-8000BF851CC0}] => C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe FirewallRules: [{D2096ED2-4405-44FC-9DCA-4E370646906F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2FA767D1-A16C-4813-9274-1D5FB6C8E6DA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{EBBD37CA-B722-4AA4-99C6-E97345C41C82}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files 
(x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{72675C7A-CE4F-4BD4-8DCF-A847DE466E8E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{01EC4E16-8031-4670-884E-C83464B31F47}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{70E98B7A-CBEF-4916-8B0A-FC8319453B4D}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{50195A85-C599-4A74-9458-6CED8D812CAB}] => C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{416A99C8-70BF-431A-8026-609D5BD37052}] => C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe

==================== Restore Points =========================

14-09-2015 22:13:03 Windows Update
19-09-2015 09:32:29 Garmin Express
19-09-2015 09:39:46 Garmin Express
26-09-2015 23:00:00 Scheduled Checkpoint
11-10-2015 16:27:19 Scheduled Checkpoint
14-10-2015 02:00:42 Windows Update
22-10-2015 09:42:08 Scheduled Checkpoint
30-10-2015 00:00:03 Scheduled Checkpoint
06-11-2015 01:43:24 Garmin Express
11-11-2015 03:00:55 Windows Update
13-11-2015 03:00:10 Windows Update
20-11-2015 15:15:14 Installed HP Support Assistant
20-11-2015 15:22:40 Windows Modules Installer
20-11-2015 15:24:17 Windows Modules Installer
23-11-2015 18:12:30 Device Driver Package Install: Private Communications Network adapters
23-11-2015 18:19:33 Removed Skype™ 7.13
23-11-2015 18:23:14 Removed Skype Click to Call
23-11-2015 19:04:11 Removed Skype™ 7.15
01-12-2015 00:00:14 Scheduled Checkpoint
08-12-2015 18:11:17 Scheduled Checkpoint
10-12-2015 03:00:33 Windows Update
17-12-2015 18:45:34 Scheduled Checkpoint
22-12-2015 13:24:47 Norton_Power_Eraser_20151222131733815
08-01-2016 12:55:48 Scheduled Checkpoint
13-01-2016 03:00:45 Windows Update
20-01-2016 23:10:32 Scheduled Checkpoint
29-01-2016 19:02:44 Scheduled Checkpoint
01-02-2016 19:49:26 Garmin Express
10-02-2016 03:01:09 Windows Update
15-02-2016 03:01:10 Windows Update
06-03-2016 17:24:45 Scheduled Checkpoint
13-03-2016 18:10:20 Scheduled Checkpoint
14-03-2016 03:00:37 Windows Update
22-03-2016 00:58:07 Scheduled Checkpoint
06-04-2016 17:58:27 Installed OneTouch(R) Software v2.3.3
09-04-2016 14:18:54 Removed Comcast Desktop Software (v1.2.1)
15-04-2016 17:48:22 Windows Modules Installer
22-04-2016 18:35:23 Scheduled Checkpoint
29-04-2016 16:44:02 Garmin Express
16-05-2016 05:14:23 Scheduled Checkpoint
17-05-2016 02:01:27 Windows Update
02-06-2016 22:12:41 Scheduled Checkpoint
06-06-2016 18:12:00 Chrome Cleanup Tool
26-06-2016 02:02:21 Windows Update
27-06-2016 02:00:16 Windows Update
20-07-2016 02:01:02 Windows Update
28-07-2016 19:19:33 Scheduled Checkpoint
07-08-2016 10:43:41 Garmin Express
18-08-2016 21:15:42 Scheduled Checkpoint
22-08-2016 02:03:17 Windows Update
23-08-2016 02:01:26 Windows Update
10-09-2016 12:33:16 Scheduled Checkpoint
25-09-2016 12:16:45 Garmin Express
29-09-2016 02:02:41 Windows Update
06-11-2016 03:29:26 Garmin Express
07-11-2016 03:00:16 Windows Update
08-11-2016 03:01:04 Windows Update
02-12-2016 16:01:46 Garmin Express
10-12-2016 15:09:32 Installed Norton Online Backup
12-12-2016 22:14:21 Norton 360 Registry Clean
21-12-2016 22:21:50 Removed DriverUpdate
21-12-2016 22:23:00 Removed DriverUpdate
26-12-2016 03:01:16 Windows Update

==================== Faulty Device Manager Devices =============

Name: J:\
Description: SM/xD-Picture
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: G:\
Description: Photosmart 7520
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: HP
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: I:\
Description: Compact Flash
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: K:\
Description: MS/MS-Pro
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: H:\
Description: SD/MMC
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2016 12:28:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/26/2016 12:28:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (12/25/2016 11:21:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7 Exception code: 0xc0000005 Fault offset: 0x000000000001e1ac Faulting process id: 0x890 Faulting application start time: 0x01d25e075704dbb0 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll Report Id: 8b83c989-caf0-11e6-890b-00038a000015 Error: (12/25/2016 11:21:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Explorer.EXE Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 0000000073ADE1AC Error: (12/25/2016 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location M:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). 
Error: (12/25/2016 03:03:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MusicCLMLSvc.exe, version: 4.3.4503.0, time stamp: 0x4c806a39 Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3 Exception code: 0x40000015 Fault offset: 0x000046b4 Faulting process id: 0xb40 Faulting application start time: 0x01d25eb799437516 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\MusicCLMLSvc.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Report Id: db15fb1c-caaa-11e6-890b-00038a000015 Error: (12/25/2016 03:02:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MusicCLMLSvc.exe, version: 4.3.4503.0, time stamp: 0x4c806a39 Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3 Exception code: 0x40000015 Fault offset: 0x000046b4 Faulting process id: 0x18c4 Faulting application start time: 0x01d25eb793571ad2 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\MusicCLMLSvc.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Report Id: d40ae635-caaa-11e6-890b-00038a000015 Error: (12/25/2016 03:02:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MusicCLMLSvc.exe, version: 4.3.4503.0, time stamp: 0x4c806a39 Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3 Exception code: 0x40000015 Fault offset: 0x000046b4 Faulting process id: 0xe50 Faulting application start time: 0x01d25eb78dc11f32 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\MusicCLMLSvc.exe Faulting module path: 
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Report Id: cf5a9302-caaa-11e6-890b-00038a000015 Error: (12/25/2016 03:02:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MusicCLMLSvc.exe, version: 4.3.4503.0, time stamp: 0x4c806a39 Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3 Exception code: 0x40000015 Fault offset: 0x000046b4 Faulting process id: 0x1750 Faulting application start time: 0x01d25eb7829c53fd Faulting application path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\MusicCLMLSvc.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Report Id: c9deaf73-caaa-11e6-890b-00038a000015 Error: (12/25/2016 03:02:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MusicCLMLSvc.exe, version: 4.3.4503.0, time stamp: 0x4c806a39 Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3 Exception code: 0x40000015 Fault offset: 0x000046b4 Faulting process id: 0x13a8 Faulting application start time: 0x01d25e9069014b58 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\MusicCLMLSvc.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Report Id: ba7bb576-caaa-11e6-890b-00038a000015 System errors: ============= Error: (12/26/2016 01:25:51 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{28611991-9E63-4AAC-89C9-43D22A3DF324}. The backup browser is stopping. 
Error: (12/26/2016 12:24:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Support Solutions Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (12/26/2016 12:24:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect. Error: (12/26/2016 12:21:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2016 12:21:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2016 03:19:38 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout. Error: (12/25/2016 03:42:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (12/24/2016 08:22:01 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk5\DR5. Error: (12/24/2016 08:22:00 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk5\DR5. Error: (12/24/2016 08:22:00 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk5\DR5. ==================== Memory info =========================== Processor: AMD Phenom(tm) II X6 1045T Processor Percentage of memory in use: 35% Total physical RAM: 10239.29 MB Available physical RAM: 6576.66 MB Total Virtual: 20476.75 MB Available Virtual: 16412.14 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1384.2 GB) (Free:636.99 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:12.97 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)] Drive g: () (Removable) (Total:1.84 GB) (Free:1.49 GB) FAT Drive z: (OS) (Network) (Total:1384.2 GB) (Free:636.99 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1397.3 GB) (Disk ID: D6C1A187) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1384.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 1.8 GB) (Disk ID: 83E09778) Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06) ==================== End of Addition.txt ============================ |
26.12.2016, 14:18 | #8 |
/// TB Trainer /// Tutorial Guru | Adware.1Clickdownload in the registry file Now please run a search scan: Step 1 ESET Online Scanner
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
26.12.2016, 14:22 | #9 |
| Adware.1Clickdownload in the registry file FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016 Ran by Hans (administrator) on HP (26-12-2016 14:20:09) Running from C:\Users\Hans\Desktop\FRST64CODE Loaded Profiles: Hans (Available Profiles: Hans & Marbella) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe () C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Skype Technologies S.A.) 
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe () C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (AMD) C:\Windows\System32\atieclxx.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe () C:\Program Files (x86)\Private Communications\PRIVATE WiFi\PrivateWiFi.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (© 2015 Microsoft Corporation) C:\Users\Hans\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Hewlett-Packard Co.) C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] () HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-17] (Google Inc.) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [Google Update] => C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-18] (Google Inc.) 
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [BingSvc] => C:\Users\Hans\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-12-18] (Siber Systems) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: E - E:\Setup.exe HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: F - F:\pushinst.exe HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: {bd328fcb-9d1b-11e0-a5ab-9205c8b1b65b} - L:\ptcwidget.exe HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: {c95a38b6-541e-11e0-9bab-00038a000015} - L:\unlock.exe autoplay=true HKU\S-1-5-21-1318442368-710658752-766906897-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> AppInit_DLLs: C:\PROGRA~3\Fast And => No File ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-03-21] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-08-02] ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2016-12-26] ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{0A139030-988A-4C2A-B5FD-3F4310FE5301}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{1F0712D9-332F-4E95-B24F-B1360ECDCEC0}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{28611991-9E63-4AAC-89C9-43D22A3DF324}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{299E30CD-576C-419B-93F6-8239956DA413}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6456FE51-6AB2-4C05-9B9E-4C2402539CAB}: [DhcpNameServer] 66.174.71.33 66.174.95.44 Tcpip\..\Interfaces\{7936B5D6-90BA-4A5C-BCC1-F1E14C260FB5}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{86A2C942-097A-4DFC-A33F-7EB736A8FF7C}: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1 Tcpip\..\Interfaces\{88221D92-98E0-427C-AB1D-81121567033F}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{8DD16FC0-FFC4-4201-AE70-6240344B8421}: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/ HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope value is missing 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {27DEDF55-0D6D-43B1-ACE2-882D2407E616} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enUS445 SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {822B8BEE-AD0F-478D-BBF2-7BE9A8C7CA4F} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> 
{d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-18] (Siber Systems Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-16] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-16] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\0mgktzer.default [2015-08-30]
FF Extension: (Emulator) - C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\0mgktzer.default\Extensions\Navcore.9.151.605385@tomtom.com [2011-08-20] [not signed]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-08-30] [not signed]
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Scendix Software\Fax\Profiles\t825lh6t.default [2015-12-10]
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default [2016-12-26]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Marmiko IT-Solutions GmbH\Browser 7\Profiles\gsljnzx8.default [2015-01-25]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-12-18] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-12-18] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-12-18] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-12-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-12-18]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-12-18]
FF HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-21] [not signed]
FF HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.)
CHR Plugin: (Skype Toolbars) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Hans\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default [2016-12-24]
CHR Extension: (Google Drive) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Skype) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-16]
CHR Extension: (Norton Safe) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR Extension: (RoboForm Password Manager) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-11-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-18]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-08]
CHR HKU\S-1-5-21-1318442368-710658752-766906897-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Hans\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-15]
CHR HKU\S-1-5-21-1318442368-710658752-766906897-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-18]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3883544 2016-12-22] (devolo AG)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1029648 2016-11-29] (Garmin Ltd. or its subsidiaries)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [8274576 2014-10-31] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4369680 2016-01-22] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-11-08] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060352 2010-11-08] () [File not signed]
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [485376 2010-11-08] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-29] (AVG Technologies)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2013-12-17] (AVM Berlin)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [1874136 2016-12-13] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-12-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-12-14] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 fwlanusb6; C:\Windows\System32\DRIVERS\fwlanusb6.sys [1327744 2014-03-27] (AVM GmbH)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20161223.002\IDSvia64.sys [1038032 2016-12-13] (Symantec Corporation)
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [176064 2016-12-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-26] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-26] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-26] (Malwarebytes)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-07] (CACE Technologies)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [36496 2016-12-22] (Riverbed Technology, Inc.)
R3 pwftap; C:\Windows\System32\DRIVERS\pwftap.sys [36736 2013-09-02] (The OpenVPN Project)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2013-02-07] (Realtek Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-12] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-12] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-12] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161214.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161214.002\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 14:13 - 2016-12-26 14:13 - 00080960 _____ C:\Users\Hans\Desktop\Addition.txt
2016-12-26 13:55 - 2016-12-26 13:55 - 00160759 _____ C:\Users\Hans\Downloads\WEB Complications5-1-09(1).pdf
2016-12-24 17:43 - 2016-12-22 11:06 - 00295936 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopcap.dll
2016-12-24 17:43 - 2016-12-22 11:06 - 00078336 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopacket.dll
2016-12-24 17:43 - 2016-12-22 11:06 - 00036496 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\Drivers\npf_devolo.sys
2016-12-24 15:05 - 2016-12-24 15:05 - 03977168 _____ C:\Users\Hans\Downloads\AdwCleaner_6.041(1).exe
2016-12-24 14:49 - 2016-12-24 14:49 - 00017499 _____ C:\Users\Hans\Desktop\AdwCleaner_6.041(2).exe
2016-12-24 14:33 - 2016-12-24 14:33 - 00039297 _____ C:\Users\Hans\Desktop\AdwCleaner[C0].txt
2016-12-24 14:08 - 2016-12-24 15:21 - 00000000 ____D C:\AdwCleaner
2016-12-24 14:06 - 2016-12-24 14:06 - 03977168 _____ C:\Users\Hans\Downloads\AdwCleaner_6.041.exe
2016-12-24 13:58 - 2016-12-24 13:58 - 00000283 _____ C:\Users\Hans\Desktop\AdwCleaner_6.041.exe.URL
2016-12-23 15:24 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Documents\FRST.txt
2016-12-23 15:24 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Desktop\FRST - Copy.txt
2016-12-23 15:13 - 2016-12-26 12:35 - 00000000 ____D C:\Users\Hans\Desktop\FRST64CODE
2016-12-23 14:34 - 2016-12-26 14:20 - 00000000 ____D C:\FRST
2016-12-23 14:34 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Desktop\FRST.txt
2016-12-23 14:30 - 2016-10-26 16:29 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-12-22 18:49 - 2016-12-22 18:57 - 00002704 _____ C:\Users\Hans\Desktop\Rkill.txt
2016-12-22 18:47 - 2016-12-22 18:48 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Hans\Downloads\rkill.exe
2016-12-21 22:53 - 2016-12-21 22:53 - 54199488 _____ (Malwarebytes ) C:\Users\Hans\Downloads\mb3-setup-cb.NT-3.0.5.1299.exe
2016-12-21 21:34 - 2016-12-21 21:35 - 00001038 _____ C:\Users\Marbella\Desktop\AOL Saved Files.lnk
2016-12-21 21:34 - 2016-12-21 21:35 - 00001038 _____ C:\Users\Hans\Desktop\AOL Saved Files.lnk
2016-12-21 21:34 - 2016-12-21 21:35 - 00000010 _____ C:\Windows\msoffice.ini
2016-12-21 21:34 - 2016-12-21 21:35 - 00000000 ____D C:\Users\Hans\Desktop\AOL Saved PFC
2016-12-21 18:10 - 2016-12-21 18:10 - 00001053 _____ C:\Users\Hans\Desktop\MALWARE REPORT 21122016.txt
2016-12-21 15:05 - 2016-12-26 12:22 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-21 15:05 - 2016-12-26 12:22 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-21 15:05 - 2016-12-26 12:22 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-21 15:05 - 2016-12-21 15:05 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-21 15:04 - 2016-12-26 12:21 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-21 15:04 - 2016-12-23 10:59 - 00001877 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-21 15:04 - 2016-12-23 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-21 15:04 - 2016-12-21 15:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-21 15:04 - 2016-12-21 15:04 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-21 15:04 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-21 14:59 - 2016-12-21 14:59 - 54199488 _____ (Malwarebytes ) C:\Users\Hans\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-18 16:23 - 2016-12-18 16:23 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-18 16:23 - 2016-12-18 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-18 16:20 - 2016-12-18 16:20 - 00000000 ____D C:\Program Files\iPod
2016-12-18 15:15 - 2016-12-18 15:15 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2016-12-18 15:09 - 2016-12-18 15:09 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-12-18 13:11 - 2016-12-26 13:11 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHans
2016-12-18 13:11 - 2016-12-26 13:11 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForHans.job
2016-12-18 12:13 - 2016-12-18 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-14 20:56 - 2016-12-18 15:09 - 00002108 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-12-14 20:08 - 2016-12-23 10:59 - 00572736 _____ C:\Windows\ntbtlog.txt
2016-12-14 18:58 - 2016-12-18 15:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-12-11 18:21 - 2016-12-11 18:21 - 00033593 _____ C:\Users\Hans\Downloads\SKM_554e16120814300.pdf
2016-12-11 18:19 - 2016-12-11 18:19 - 00681846 _____ C:\Users\Hans\Downloads\Iban Mama Konto.pdf
2016-12-11 18:19 - 2016-12-11 18:19 - 00681846 _____ C:\Users\Hans\Downloads\Iban Mama Konto(1).pdf
2016-12-11 18:08 - 2016-12-11 18:08 - 00071409 _____ C:\Users\Hans\Downloads\82467005_2016_Nr.011_Kontoauszug_vom_30.11.2016_20161211060841.pdf
2016-12-11 15:14 - 2016-12-18 11:51 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-12-11 15:14 - 2016-12-18 11:51 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-12-11 15:14 - 2016-12-11 15:14 - 00000000 ____D C:\Program Files (x86)\Norton 360
2016-12-10 15:43 - 2016-12-10 15:43 - 00084162 _____ C:\Users\Hans\Downloads\19.pdf
2016-12-10 15:43 - 2016-12-10 15:43 - 00084162 _____ C:\Users\Hans\Downloads\19 (1).pdf
2016-12-10 15:11 - 2016-12-26 12:25 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-10 15:10 - 2016-12-10 15:10 - 00002099 _____ C:\Users\Public\Desktop\Norton Online Backup.lnk
2016-12-10 15:10 - 2016-12-10 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2016-12-10 15:10 - 2016-12-10 15:10 - 00000000 ____D C:\Program Files (x86)\Symantec
2016-12-10 15:08 - 2016-12-10 15:08 - 12590864 _____ (Symantec Corporation) C:\Users\Hans\Downloads\NortonOnlineBackup.exe
2016-12-10 14:51 - 2016-12-10 14:51 - 00900344 _____ C:\Users\Hans\Desktop\Norton_Removal_Tool.exe
2016-12-10 14:49 - 2016-12-10 14:49 - 00860112 _____ (Igor Pavlov) C:\Users\Hans\Desktop\NortonMountPointRepairExtractor.exe
2016-12-05 22:39 - 2016-12-05 22:39 - 02103882 _____ C:\Users\Hans\Downloads\Instructions_on_setting_up_auto_epay.pdf 2016-12-04 18:13 - 2016-12-04 18:13 - 01615493 _____ C:\Users\Hans\Downloads\JotNot_12-03-2016.pdf 2016-12-04 14:38 - 2016-12-04 14:38 - 00361536 _____ C:\Users\Hans\Downloads\kopierer@uni.trier.de_20160825_105307(1).pdf 2016-12-02 17:45 - 2016-12-02 17:45 - 01136903 _____ C:\Users\Hans\Downloads\lika1478120034(1) (1).pdf 2016-12-02 16:05 - 2016-12-02 16:05 - 00001771 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2016-11-27 16:46 - 2016-11-27 16:46 - 00543669 _____ C:\Users\Hans\Downloads\Maria Sozialversicherung - 6 Jan 2015 - 15-49.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-26 14:17 - 2012-07-26 23:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-26 14:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2016-12-26 12:42 - 2016-11-22 20:03 - 00000000 ____D C:\Users\Hans\AppData\LocalLow\Mozilla 2016-12-26 12:32 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-26 12:32 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-26 12:28 - 2009-07-14 06:13 - 00006230 _____ C:\Windows\system32\PerfStringBackup.INI 2016-12-26 12:24 - 2015-08-15 18:15 - 00000000 ___RD C:\Users\Hans\Google Drive 2016-12-26 12:21 - 2013-06-08 16:26 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2016-12-26 12:21 - 2013-05-31 19:22 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2016-12-26 12:20 - 2013-02-02 22:36 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-12-26 12:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-26 12:19 - 2009-07-14 05:45 - 00355656 _____ 
C:\Windows\system32\FNTCACHE.DAT 2016-12-26 03:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2016-12-26 03:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism 2016-12-25 19:03 - 2011-02-15 03:38 - 00000000 ____D C:\ProgramData\PDFC 2016-12-25 15:03 - 2011-04-17 01:02 - 00000000 ____D C:\Users\Hans\AppData\Local\CrashDumps 2016-12-24 17:46 - 2016-02-17 09:53 - 00000000 ____D C:\Program Files (x86)\devolo 2016-12-24 14:15 - 2011-04-22 16:07 - 00000000 ____D C:\Users\Hans\AppData\LocalLow\Yahoo! 2016-12-24 14:02 - 2014-03-15 23:48 - 00000000 ____D C:\Users\Hans\Documents\Snipping Tool 2016-12-24 14:00 - 2015-07-31 10:07 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2016-12-22 18:36 - 2015-03-08 09:55 - 00000000 ____D C:\Users\Hans\Downloads\PL2303_Prolific_DriverInstaller_v1_10_0_20140925 2016-12-22 18:15 - 2014-04-08 00:52 - 00000000 ____D C:\Users\Hans\AppData\Local\TB 2016-12-22 16:04 - 2014-11-06 00:43 - 00000000 ____D C:\Program Files\Wondershare 2016-12-21 21:55 - 2011-03-19 22:25 - 00000000 ____D C:\ProgramData\AOL Downloads 2016-12-21 21:36 - 2011-03-19 22:32 - 00000000 ____D C:\Users\Hans\AppData\Local\AOL 2016-12-21 21:35 - 2014-09-27 18:03 - 00000000 ____D C:\Users\Public\Documents\AOL Downloads 2016-12-21 21:35 - 2011-03-19 22:34 - 00000000 ____D C:\Users\Hans\AppData\Roaming\AOL 2016-12-21 21:35 - 2011-03-19 22:31 - 00000000 ____D C:\ProgramData\AOL 2016-12-18 16:23 - 2014-03-15 15:35 - 00000000 ____D C:\Program Files\iTunes 2016-12-18 16:20 - 2011-04-17 01:09 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-12-18 15:09 - 2015-05-09 15:53 - 00000000 ____D C:\Windows\system32\Drivers\N360x64 2016-12-18 15:05 - 2016-10-15 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-12-18 13:18 - 2012-07-26 23:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-12-18 13:18 - 2012-04-09 23:04 - 00802904 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-12-18 13:18 - 2011-05-14 22:11 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-18 13:17 - 2011-10-23 02:51 - 00000000 ____D C:\Windows\system32\Macromed 2016-12-18 13:17 - 2011-02-15 03:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-12-18 11:59 - 2016-04-09 14:26 - 00004130 _____ C:\Windows\System32\Tasks\Open URL by RoboForm 2016-12-18 11:59 - 2012-06-15 21:37 - 00003478 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon 2016-12-18 11:59 - 2011-10-17 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm 2016-12-18 11:59 - 2011-08-23 02:47 - 00002070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-18 11:59 - 2011-08-23 02:47 - 00002058 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00001929 _____ C:\Users\Public\Desktop\Google Slides.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00001927 _____ C:\Users\Public\Desktop\Google Sheets.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00001917 _____ C:\Users\Public\Desktop\Google Docs.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-12-18 11:38 - 2015-08-15 17:35 - 00003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000UA 2016-12-18 11:38 - 2015-08-15 17:35 - 00003230 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000Core 2016-12-18 11:38 - 2011-08-17 23:29 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-18 11:38 - 2011-08-17 23:29 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-18 11:27 - 2009-07-14 06:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-12-14 20:42 - 2011-09-04 17:52 - 00000000 ____D C:\Users\Hans\AppData\Local\NPE 2016-12-14 20:28 - 2015-12-22 13:03 - 00000000 ____D 
C:\NPE 2016-12-12 21:48 - 2011-02-15 03:52 - 00000000 ____D C:\ProgramData\Norton 2016-12-12 21:47 - 2015-05-09 15:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2016-12-11 17:28 - 2011-02-15 03:51 - 00000000 ____D C:\Program Files (x86)\NortonInstaller 2016-12-10 16:41 - 2011-08-17 23:29 - 00000000 ____D C:\Users\Hans\AppData\Local\Google 2016-12-10 10:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2016-12-04 22:57 - 2011-03-20 20:41 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Skype 2016-12-04 18:14 - 2012-10-03 23:52 - 00000000 ____D C:\Users\Hans\Documents\Marbella 2016-12-02 17:17 - 2011-04-23 15:43 - 00000000 ____D C:\Users\Hans\Documents\My Scans 2016-12-02 16:07 - 2015-07-26 18:07 - 00000000 ____D C:\ProgramData\Package Cache 2016-12-02 16:06 - 2015-07-26 18:14 - 00000000 ____D C:\Program Files (x86)\Garmin 2016-12-02 16:05 - 2016-09-25 12:21 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2016-12-02 16:05 - 2016-04-29 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2016-11-28 19:38 - 2011-03-20 20:40 - 00000000 ____D C:\ProgramData\Skype 2016-11-28 19:37 - 2011-03-20 20:40 - 00000000 ___RD C:\Program Files (x86)\Skype ==================== Files in the root of some directories ======= 2011-06-19 20:08 - 2011-06-19 20:08 - 0001854 _____ () C:\Users\Hans\AppData\Roaming\GhostObjGAFix.xml 2014-01-12 01:44 - 2014-01-12 01:45 - 55694664 _____ (Igor Pavlov) C:\Users\Hans\AppData\Roaming\SUPRAUpdatePaket.exe 2014-01-27 00:16 - 2014-01-28 16:20 - 0000139 _____ () C:\Users\Hans\AppData\Roaming\WB.CFG 2014-01-27 00:16 - 2014-01-28 16:20 - 0000005 _____ () C:\Users\Hans\AppData\Roaming\WBPU-TTL.DAT 2011-03-25 23:20 - 2014-11-01 17:01 - 0001370 _____ () C:\Users\Hans\AppData\Roaming\wklnhst.dat 2012-01-08 18:37 - 2015-08-19 17:43 - 0007598 _____ () C:\Users\Hans\AppData\Local\Resmon.ResmonCfg 2015-03-07 15:09 - 2015-03-07 15:09 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-03-20 
20:42 - 2011-03-20 20:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-03-19 23:18 - 2012-09-15 20:23 - 0004971 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Hans\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\Hans\AppData\Local\Temp\uninst.dll

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-29 03:22
==================== End of FRST.txt ============================ |
26.12.2016, 14:23 | #10 |
| Adware.1Clickdownload in the registry file
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Hans (26-12-2016 14:20:43)
Running from C:\Users\Hans\Desktop\FRST64CODE
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-17 02:01:40)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1318442368-710658752-766906897-500 - Administrator - Disabled)
Guest (S-1-5-21-1318442368-710658752-766906897-501 - Administrator - Disabled)
Hans (S-1-5-21-1318442368-710658752-766906897-1000 - Administrator - Enabled) => C:\Users\Hans
HomeGroupUser$ (S-1-5-21-1318442368-710658752-766906897-1002 - Administrator - Enabled)
Marbella (S-1-5-21-1318442368-710658752-766906897-1004 - Administrator - Enabled) => C:\Users\Marbella

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Acronis Universal Boot Media Builder (HKLM-x32\...\{8FAB072E-6028-4BCD-A6CD-D179E4860073}) (Version: 11.5.38938 - Acronis) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{3A477F94-D551-17B2-26A5-7AD895F6C8BA}) (Version: 3.0.804.0 - ATI Technologies, Inc.) ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.) 
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin) Bing Bar (HKLM-x32\...\{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}) (Version: 7.0.614.0 - Microsoft Corporation) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden C309a (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden calibre (HKLM-x32\...\{B5BF7B43-E13D-4A76-9F8F-E933817131EC}) (Version: 0.8.63 - Kovid Goyal) ccc-core-static (x32 Version: 2010.1228.2239.40637 - ATI) Hidden Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.2.0 - devolo AG) DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden Elevated Installer (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden Fax (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Garmin City Navigator Europe NTU 2017.10 (HKLM-x32\...\{081E9129-B930-41D5-832A-AD01B4B7B164}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{00bf033c-5ade-400f-a174-be74932eebc6}) (Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.10.5 - Siber Systems) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google) Google Photos Backup (HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard) HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard) HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard) HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 
5 (HKLM\...\{71C4F928-136A-4222-A191-310E081FB96B}) (Version: 14.0 - HP) HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.34.7 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.) iMazing 1.2.3.0 (HKLM\...\iMazing_is1) (Version: 1.2.3.0 - DigiDNA) iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.) 
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe) Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Streets & Trips 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.18.2200 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) 
(HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Norton 360 Online (HKLM-x32\...\N360) (Version: 22.8.1.14 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.3.20 - Symantec Corporation) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) OneTouch(R) Software v2.3.3 (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version: - ) Open eCard App (HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Open eCard App) (Version: - ecsec GmbH) PamFax (HKLM-x32\...\{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1) (Version: 3.4.6.11 - Scendix Software GmbH) PamFax Office Integration (x32 Version: 1.0.2 - Scendix Software GmbH) Hidden PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery) Photo Transfer App (HKLM-x32\...\com.erclab.air.phototransferapp) (Version: 2.1.0 - UNKNOWN) PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.) 
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.10.0 - Prolific Technology INC) Play Wireless USB Adapter (HKLM-x32\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin) Play Wireless USB Adapter (x32 Version: 1.0.0.03 - Belkin) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.) PRIVATE WiFi (HKLM-x32\...\PRIVATE WiFi) (Version: 4.0 - Private Communications) PRIVATE WiFi (x32 Version: 4.0 - Private Communications) Hidden PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden Quicken WillMaker Plus 2013 (HKLM-x32\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink) Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.3 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.) Realtek PCI Fast Ethernet Controller Driver For Vista and Win7 (HKLM-x32\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 1.00.0005 - Realtek) Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) 
Hidden Renee Undeleter 2014.10.22.00 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.10.22.00 - Rene.E Laboratory) RoboForm 7-9-25-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-25-5 - Siber Systems) Rosetta Stone Ltd Services (HKLM-x32\...\{FFF186B6-4D02-4D8D-A776-C43E062E01A9}) (Version: 3.2.18 - Rosetta Stone Ltd.) RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden supra IPCam (HKLM-x32\...\{0F951D9B-4239-4667-9DAF-EECC086EDCC4}) (Version: 1.5.1.0 - SUPRA Foto-Elektronik-Vertriebs-GmbH) TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Unity Web Player (HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) WD SmartWare (HKLM\...\{B6FD23F0-1047-4088-94BF-B137D4D17CD8}) (Version: 1.4.3.4 - Western Digital) WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden WePrint (HKLM-x32\...\WePrint) (Version: - EuroSmartz Ltd) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {184EEF5E-9468-D082-087F-3FE985889A47} => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1F615683-9468-D082-D5C6-10EE85889A47} => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {4193C6FE-9468-D082-A856-E2B085889A47} => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {43941B6A-9468-D082-3C8B-E5B285889A47} => No File CustomCLSID: HKU\S-1-5-21-1318442368-710658752-766906897-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {10796713-0063-4B32-8A78-B873BE77DBA6} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {1D64FB75-D943-431B-8835-52AF96666BF1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-18] (Adobe Systems Incorporated) Task: {33FB46C3-E657-4A0C-A4EA-076217270422} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{7CEE726A-56A1-490D-8C84-55315C9435CB}.exe <==== ATTENTION Task: {36B3B5A3-A9FB-427C-9B05-5B42A39326A0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {37488BD0-A007-4EA2-881F-566B0926B979} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{2EB2CF9B-E7A1-4062-8C97-868377C31D43}.exe <==== ATTENTION Task: {3EF96DF7-9ACB-4F67-95CD-D967ADB86C1E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation) Task: {4692F4C2-9431-44A6-AD2B-44AC430CD24D} - System32\Tasks\{48B7BDFC-4CCB-4967-83DA-356ED166156E} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?LastError=1618 Task: {52892579-15E1-46BF-A782-D9F7321A4D49} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\WSCStub.exe [2016-11-12] (Symantec Corporation) Task: {5552584A-E003-444A-8C81-6ADEC538FFA5} - System32\Tasks\HP Photosmart 7520 series.exe_{75631CDB-012B-4DDA-B018-BB4C139E8D2F} => C:\Program Files\hp\HP Photosmart 7520 series\Bin\HP Photosmart 7520 series.exe [2012-10-17] (Hewlett-Packard Co.) 
Task: {578D6C45-32CD-4CAB-ABC3-8C34897D9E3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {594D6F95-94C2-478E-8109-DB0C8136B92E} - System32\Tasks\VpnClientLaunch => C:\Program Files (x86)\Private Communications\PRIVATE WiFi\PrivateWiFi.exe [2014-01-20] () Task: {601A49B6-54FD-4C59-B918-D153D2915839} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.) Task: {616F185A-B7F2-4AD0-8418-CEFF822D3BB8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {6F1B8354-29CA-4F27-8B95-8C5CE7B30CD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {71C7F787-9A42-4DB7-ACFC-59F94CD02061} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-11-29] () Task: {76231766-30CB-4577-BECF-DAC5BC0C37B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000Core => C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) 
Task: {76B2B6C3-D7EC-48E9-B271-056732D9F7D1} - System32\Tasks\{7795B30C-C068-4F9C-8BC4-4CEE68A47344} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {7AD87218-9570-491B-BA68-A6D97A15E288} - System32\Tasks\{FBAB3ECF-D9EC-40EF-8224-753AD38A84DC} => pcalua.exe -a E:\setup.exe -d E:\
Task: {7B151E5C-BD82-46CD-9804-DE7F66875ED7} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {81D9A4BD-8188-4555-8A57-44DD59A356BA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8DF7292E-F875-4FD7-BAF7-8694BB7B57EF} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-12-18] (Siber Systems)
Task: {8F01EF67-BA83-4338-ABDB-F3143D3B32C4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8F9103A3-46B4-422D-8E1A-9DE1213E59D1} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKJJJKJOJMMKJHMGMCNJJOMKMNMCNLMJJLMLJCNGMMMJMJJCNMJPMKJGMPMIMOMNMMJKMLMPMJNJICMIMCNNMCNHMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMOMJNHICMEKMICNJJCKJNBJCMHLOJBJMIJNKJCMJNNICMJNDJCMKJBJ"
Task: {92534D16-4566-4109-B0BF-42E6854A5877} - System32\Tasks\ScanToPCActivationApp.exe_{4BA910AC-329C-447C-9265-D8D3D53A007A} => C:\Program Files\hp\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {95275872-6AE6-457D-9C69-AED33FD28FF7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A06DBFEF-4C35-4C3D-9CDF-D06F24E262B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PendingActionAlert => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\PendingActionAlert.exe [2016-07-26] (HP Inc.)
Task: {A7B9BEFE-AAE8-4123-8E9D-697D5D7F8E12} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000UA => C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {B0E58F43-5085-450C-B1DB-18E1A581A93A} - System32\Tasks\{A0B13255-1DE7-4900-BFDE-653A9A60E784} => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {B6028358-8582-4B28-9071-0A5AB67A9F64} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {BDA060FD-B377-4E5E-AE68-325E00F011FB} - System32\Tasks\VpnClientStartOnLogon => C:\Program Files (x86)\Private Communications\PRIVATE WiFi\PrivateWiFi.exe [2014-01-20] ()
Task: {BF20C3DC-72F5-4FB2-B5D3-457B81B7E804} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {C12EA1EF-DEDB-4241-8A86-DA39962AB73A} - System32\Tasks\{DF630C77-236D-4DF0-9676-E27EC49CCEEE} => pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe"
Task: {C6213C5C-987B-44E5-9392-0FC86DDE1600} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {C9E872E2-9128-46E4-A055-04435B211672} - System32\Tasks\HPCeeScheduleForHans => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D092708F-5013-44A1-B89B-EADF301BFDD7} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Online\Upgrade.exe [2016-11-12] (Symantec Corporation)
Task: {D3A2B05D-CD71-435A-BC9E-6E410B8FDBFC} - System32\Tasks\{4F7D4B18-7E66-4B2A-B698-17038513F71D} => pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G51NILFA\XvidSetup[1].exe" -d C:\Users\Hans\Desktop
Task: {DF7002FE-D642-4CA8-AE97-FD83082107B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-31] (HP Inc.)
Task: {ECE71B23-7990-473B-97D5-6787418482D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {EDDC7943-918B-43C8-A542-5EA25A8F12AD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {F015E1A3-CF4B-4D60-89F2-925385605106} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F0F8B06E-E38B-475C-B919-9A33937A6804} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKJJJKJOJMMKJHMGMCNJJOMKMNMCNLMJJLMLJCNGMMMJMJJCNMJPMKJGMPMIMOMNMMJKMLMPMJNJICMIMCNGMCNNMKMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMPMGMMMJNHICMMJBJKJLIMJJNBJCMHLOJBJMIPNNKKJGJLIKJNIJNKJCMJNNICMJNDJCM (the data entry has 61 more characters).
Task: {FB3E8DB3-828A-457E-A888-162E9154651D} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-12-18] (Siber Systems)
Task: {FB5D686E-1980-4C7E-805A-0F8D6051895A} - System32\Tasks\ScanToPCActivationApp.exe_{023EC9AC-55C9-4501-9299-EE3D85F55D67} => C:\Program Files\hp\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {FC7F25CE-B4A2-4A88-9254-DD1633BC1A60} - System32\Tasks\{5662C7CD-9A6D-468B-B1DE-D2EF1D703F6C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.5.0.124/en/go/help.faq.installer?LastError=1603
Task: {FFD0B41E-20EC-44F7-922C-9D95BA90C03F} - System32\Tasks\{8611CA82-0EBD-4FF1-84EF-EA5C3E8377E3} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{2EB2CF9B-E7A1-4062-8C97-868377C31D43}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{7CEE726A-56A1-490D-8C84-55315C9435CB}.exe <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForHans.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open eCard\Open eCard App.lnk -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\javaws.exe (Oracle Corporation) -> -localfile -offline -J-Djnlp.application.href=hxxp://jnlp.openecard.org/openecard.jnlp "C:\Users\Hans\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\40b8c089-2c4aa136"

==================== Loaded Modules (Whitelisted) ==============

2012-07-28 15:35 - 2005-03-12 05:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-31 16:29 - 2014-10-31 16:29 - 08274576 _____ () C:\Program Files\Siber Systems\GoodSync\gs-server.exe
2010-11-08 16:43 - 2010-11-08 16:43 - 01060352 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2010-11-08 16:43 - 2010-11-08 16:43 - 00485376 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2009-12-28 23:25 - 2009-12-28 23:25 - 00036864 ____N () C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
2010-12-29 03:49 - 2010-12-29 03:49 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2016-12-21 15:04 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-21 15:04 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-21 15:04 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2014-01-20 12:39 - 2014-01-20 12:39 - 01776104 _____ () C:\Program Files (x86)\Private Communications\PRIVATE WiFi\PrivateWiFi.exe
2010-09-15 19:31 - 2010-09-15 19:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-12-29 03:50 - 2010-12-29 03:50 - 00101888 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2010-04-12 21:59 - 2010-04-12 21:59 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2016-11-29 13:41 - 2016-11-29 13:41 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2010-03-05 14:24 - 2010-03-05 14:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2016-12-26 12:23 - 2016-12-26 12:23 - 00098816 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32api.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00110080 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\pywintypes27.dll
2016-12-26 12:23 - 2016-12-26 12:23 - 00364544 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\pythoncom27.dll
2016-12-26 12:23 - 2016-12-26 12:23 - 00320512 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32com.shell.shell.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00914432 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_hashlib.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 01176576 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._core_.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00806400 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._gdi_.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00816128 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._windows_.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 01067008 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._controls_.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00733184 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._misc_.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00682496 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\pysqlite2._sqlite.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00088064 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_ctypes.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00686080 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\unicodedata.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00119808 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32file.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00108544 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32security.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00007168 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\hashobjs_ext.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00017920 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\thumbnails_ext.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00088064 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\usb_ext.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00012800 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\common.time34.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00018432 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32event.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00167936 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32gui.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00046080 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_socket.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 01303552 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_ssl.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00128512 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_elementtree.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00127488 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\pyexpat.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00038912 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32inet.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00036864 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_psutil_windows.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00524248 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\windows._lib_cacheinvalidation.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00011264 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32crypt.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00123392 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._wizard.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00077312 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._html2.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00027648 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_multiprocessing.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00020480 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\_yappi.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00035840 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32process.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00078848 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\wx._animate.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00024064 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32pipe.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00010240 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\select.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00025600 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32pdh.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00017408 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32profile.pyd
2016-12-26 12:23 - 2016-12-26 12:23 - 00022528 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI45842\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [110]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [146]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [226]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-10-21 16:30 - 00000828 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1318442368-710658752-766906897-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Photosmart 7520 series (NET) => "C:\Program Files\hp\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH47U711DG05YY:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B927DAF-DFCE-4F2C-BD25-F68977B0C822}] => c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{A1C28D32-01CF-4D65-9F0A-135CC66414EE}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{5F211B78-4806-4520-BEC0-94C68FF4296E}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{F3396345-4776-4A31-87A3-67160454DAC7}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{502E4A0D-1381-4735-97B3-498D2844A38C}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{9E74DF6D-1E1C-4F93-9741-20C444581E7C}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{17E76C50-54F8-453E-85AE-B80FEFBBD089}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{6B3404CE-10EB-45B0-8E83-E16E1280C44D}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{8CE814F9-EF98-456B-AB51-EAB0287DF2E8}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{24852412-F02A-46FF-8D07-D37526D6F59B}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{68D7AF91-8E5D-46CC-8A0C-73E1A7BAEF23}] => C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{F9B15431-9A4D-46B2-A3C1-5176F5D6F4E6}] => C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{34EFA4DF-1952-485C-A0B7-D89BD62132A6}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{FAD4DB23-C1BD-494D-9D6C-95BC498CBEE3}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{00E46BAC-0243-427D-A2D3-DF73F8F5370A}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9F2AC7B9-E970-45B8-A69F-ECC21372A14C}] => LPort=2869
FirewallRules: [{6113AAF1-7812-42B7-8DAB-B8D78AC6C2AC}] => LPort=1900
FirewallRules: [{DA867B80-D4C3-43DE-AF06-FAA4C156D4BA}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CF9C63C2-8ACD-478A-9DB5-13BA17762A74}] => C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{6B033669-6A0D-4F87-9B12-62850DF1C768}] => C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{B154CBD0-CA22-4DD2-A41C-C07BEC55A8CE}] => LPort=7000
FirewallRules: [{E2C0C286-949C-4053-ABF1-CE8D16F4D884}] => LPort=7000
FirewallRules: [{22FBEA7F-DF03-455F-8DD8-4EC2F9C21CF0}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{88AF6575-EA88-441D-9B86-A6682F20596A}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{93A13917-26B2-4AC5-B9E5-AA86F55299D5}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{BFAEF415-2E1D-4550-A5DA-1643937C7500}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{759F96A9-71D8-47ED-813C-1D71740025B4}] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe
FirewallRules: [{D520EA39-6045-4281-AC80-03BBE80574E1}] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe
FirewallRules: [{CC2EC28A-6496-40B2-B612-07E0583AE75C}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{61FDF4D2-BB4F-45A4-A13B-223BFDC79C38}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{D395B590-70EC-4F83-97DB-F8E282445BBF}] => E:\setup\hpznui40.exe
FirewallRules: [{EB5E634D-ED2B-4EC9-95A7-7B5679121951}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{180AD2E0-4620-4054-BD81-9DCE13FB1EA2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C7A4FB00-5AF1-4F87-8F61-82F01F0D9436}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{B478AF90-08E6-4CD9-A706-0F0DBDD51BD3}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{4A4D1778-634F-47FF-932C-20A33C53E2DA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{30A2D92D-C852-4FC0-85E7-74AA54A4C5F6}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{B3139F3A-462C-447D-B24F-B3006F74EE74}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{8CC1D82A-E6D2-4082-8CDB-174D4019F181}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{BF470B00-1657-452D-AAF2-B99104335B0D}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BC267491-14E8-4811-A29B-FDF0F61ABD06}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{EDE520CA-923E-4680-BD9F-D107092D2784}] => C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{4CE243B7-53F9-451A-8D6C-5FD8EF13C754}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{09479FCE-6A39-4B8C-99F8-425DF1C8D6C4}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{F02A23BE-14BA-4764-B50C-39FEBF4E9017}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{9599CC0D-B86A-4FC9-BBF2-FD7CC9FAE43B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{AB65FD74-974F-49C9-9001-14F8B87136C5}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{9337B610-9BEE-4AA9-862C-C7D78E8B8C65}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4281D062-9C27-4853-9EAE-EF3C87E3749E}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{1E1FA6BC-1717-4573-AC2A-5336FB2712A5}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3797AB00-53F9-4472-B799-41804B0FF9D7}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{4F37005B-0006-4E57-A487-4BCA1D9C8B24}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{453FA267-AF96-4831-B6FD-582138F83602}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{41EF8723-B17E-4487-8B2F-EA9F0181C440}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D1A2738B-8429-40F5-9439-94AC23209D2C}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{6BFD34FF-8F02-439D-9DC2-429EAD435CD8}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59784776-35F7-420B-8D6B-763EE93C369E}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6444BA93-958D-495E-AD2F-F9234D8B8C94}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2DB624DF-3689-4222-8F0E-652F30D7919D}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{611D522F-1CF6-4B27-9321-4BBA6DBCE56E}] => LPort=33333
FirewallRules: [{ADBB3635-95CF-41B4-B841-7E70046A5066}] => LPort=33338
FirewallRules: [{78BE71AE-2DD9-4D58-BAB7-6BE02F4CE1AC}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{DDBD963B-E0B5-4ADA-89D2-2EA2AD6A62DF}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{C5D4757A-4B13-4FB5-8F53-B81AEDE555AE}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{4B78EE78-7812-4CA5-8E46-5ADC4E116161}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{AEC539C9-429D-4ED5-91B5-31A87F05676C}] => C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{F3E7BDEB-17C8-4063-8480-0434CC97051A}] => C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{8ACE0C8A-7173-4888-A6F5-2BD371FCF320}] => C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{74F787BC-13A3-4F55-879E-E7AD3AA5CD4C}] => C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{63ADB218-1C1A-4D12-8151-41F9FA2915B1}] => C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{8EB3FCB6-D35A-4821-94D9-4D1CEA1322C5}] => C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{1D9F55C6-A5E9-4CC3-BE22-B05CC91F7621}] => LPort=33333
FirewallRules: [{7C1614EB-E823-47CB-8177-F1DA7CFE00B5}] => LPort=33338
FirewallRules: [{C0C57ED3-8143-46E0-91BF-7C08B755CA3F}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [TCP Query User{FF517BA2-073C-4D3E-A510-5D8F0177E182}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{019AD8FF-62E7-4795-B173-92950F318D9C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{A17B629F-604E-48AD-97EB-451D1B8BDE4E}] => C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{DBE84E9C-20E0-4CB9-AFF1-88A45F1ACE8A}] => C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{350A5AF2-15DD-4FA6-B072-A333775D6210}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{4873896C-8678-4963-B6CF-D08B084FB3EA}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{065976BC-ABB8-4912-B08C-F43867B250EC}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{533B12ED-34C6-4F59-B26D-EA6B4D8A8EC5}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{E2599F82-5CA8-418D-98F2-A47FCE9ADA79}] => C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{F81183B9-13DB-4A73-8068-9AE47618CBAB}] => C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [TCP Query User{DF165520-B0F3-437C-9D09-54E3A69CBA69}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{353F0AFC-9400-445E-AEE5-9DCAEB2FA406}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{5DBE31DB-528F-4443-9CCA-B2B7565227F3}] => C:\Users\Hans\AppData\Local\Temp\n4271\pcspeedmaxZS_1104-25a46bad.exe
FirewallRules: [{42023997-578B-487D-BABB-B6D5DF92C39D}] => C:\Users\Hans\AppData\Local\Temp\file_3867818096.exe
FirewallRules: [{75C32C37-89C6-4936-930D-C867E8AAB6D3}] => C:\Users\Hans\AppData\Local\Temp\file_145719.exe
FirewallRules: [{8728D82D-0B89-452C-BADA-61022DEE29A6}] => c:\program files\pcreg\pcreg.exe
FirewallRules: [{9D1D88CB-DDA2-4EA0-B1FB-E9CD71D4FC3B}] => c:\program files\pcreg\pcreg.exe
FirewallRules: [{BE0E1BB8-C84B-4AF6-95AE-C86DB501B2A7}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{5AB3BF2B-5759-4C0E-AD6D-03A62B2D0386}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{DADCA7A5-1B65-40F1-8D63-C1CAEF50EAC8}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{DBA436D7-5BE2-444F-BD3B-21FBF480B708}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{F0B9A282-1EAA-47C6-84FD-0DBC58A155E3}] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe
FirewallRules: [{3E7643BC-E28E-4569-BFAF-26A418151768}] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe
FirewallRules: [{C1576596-1E82-464E-8F75-5A9A02B1F73B}] => C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{2424075F-9A5B-424D-8629-776FA11EB4D5}] => C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{653D3B0A-256A-4F7E-8A4F-8D6E90EBE3EC}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{A52EA545-EB3E-49D5-AB1E-F86E199F241B}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{F9F8C7DA-5B4E-407E-AAEB-412593207866}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{DCB64971-6192-4642-B944-A1ED9F336E17}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{F2EDD4FC-E773-4EF8-9010-4115B2322A12}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{5B87472F-BE20-46DF-B1FF-3CBC6AD19305}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{1B5E254E-6B36-4DCC-ABF4-D4875D4BF482}] => C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe
FirewallRules: [{F7E8D3B3-4EB4-4789-8000-2CFF3E30BD5A}] => C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe
FirewallRules: [{6CC2633E-516F-4AD3-AB1A-76B1CC4E541B}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{6C5D4FA8-A3C6-4525-8F55-8333992ED456}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F30EE7F7-EA01-4B5C-A713-FD5D5578ADED}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A5CFBA9F-63EB-400D-A9B5-367B8005F3EE}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F7EE638A-14BF-4E33-B89D-BB982C5BC7C4}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{38AFCB99-E320-4D38-BF28-92A393CCBB09}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{08086B1B-AED1-4102-BF99-FCE35900652B}] => C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{BBAB1D2C-00F7-43F8-A3DB-E13D04DA9693}] => C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{8F32E41D-4FC0-4235-A879-6F90CBFB7866}] => C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{7C17EDD8-F860-4C81-8F73-AC8EB89150D4}] => C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{E7DAFA31-0BAA-44C4-A368-B262CEE8DBF2}] => C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{C62EF99B-7F02-408C-938A-FECB5F4E417B}] => C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{21A373FA-6487-43F0-84FF-32191392391C}] => C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe
FirewallRules: [{17D34BE7-F121-4C87-8AF3-BAB6CCADDE60}] => C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe
FirewallRules: [{DA3FCCA5-4A8A-484A-837D-CFCB8E4B05CE}] => C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe
FirewallRules: [{E3AAD905-50F9-4BE4-B677-D467B898C5CF}] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe
FirewallRules: [{A3F837D4-38C0-462F-86CC-836B338F6B36}] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3D933E17-4B25-4EAC-B501-96EF3D106CF9}] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B7EE5104-2E69-4338-87AB-F306C820ED87}] => C:\Users\Hans\AppData\Local\Temp\7zS1508\HPDiagnosticCoreUI.exe
FirewallRules: [{906CC24D-2060-48F7-BF12-F34D1924858F}] => C:\Users\Hans\AppData\Local\Temp\7zS1508\HPDiagnosticCoreUI.exe
FirewallRules: [{6693F6F2-7439-4C3B-B9E4-AF1B3DC3CAF5}] => C:\Users\Hans\AppData\Local\Temp\7zS1FA1\HPDiagnosticCoreUI.exe
FirewallRules: [{29128CDC-C1C1-4234-AC9C-181A52596E8B}] => C:\Users\Hans\AppData\Local\Temp\7zS1FA1\HPDiagnosticCoreUI.exe
FirewallRules: [{D441C43E-9E8C-4860-B0DD-E876FF7B8948}] => C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{824827C4-F80F-498D-8714-95D678727452}] => C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{039DD50C-8630-49CD-B8B7-CAEAB5F908C2}] => E:\fsetup.exe
FirewallRules: [{2C51A707-78B8-4BAC-AF35-BB34848AEC29}] => E:\fsetup.exe
FirewallRules: [{13F5404A-0B96-4B91-B713-34177D4F23B8}] => E:\fsetup.exe
FirewallRules: [{E272059B-562E-47C0-A0FB-0E9A662661E7}] => E:\fsetup.exe
FirewallRules: [{FE2C5FB1-4A6A-4088-BDC1-D19698D753BA}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BE8BBA40-1A6A-4996-AA31-7AD8D94EA09A}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FACC4394-83FE-4355-9B8B-461115B6DCEA}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3FD66863-FBAB-4693-80E4-E00E4D8C4FD4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EE6E888E-4EE1-422B-96E7-204A330C7CF5}] => C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe FirewallRules: [{92DB00E6-983E-4E86-A058-410627D7C878}] => C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe FirewallRules: [{C116874D-5C0F-47A3-A4B6-94278AAAE96E}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{4EFBBAD5-ED29-4CC0-90BB-5E36B49A0AD4}] => C:\Users\Hans\AppData\Local\Temp\7zS31BA\HPDiagnosticCoreUI.exe FirewallRules: [{97E0B121-C82E-4BC2-928E-55DAEE110AE3}] => C:\Users\Hans\AppData\Local\Temp\7zS31BA\HPDiagnosticCoreUI.exe FirewallRules: [{79280998-C664-4387-823A-32BB99E5A6E6}] => C:\Users\Hans\AppData\Local\Temp\7zS32AF\HPDiagnosticCoreUI.exe FirewallRules: [{A5045754-BD6B-41D4-B938-FDFDE3B871E6}] => C:\Users\Hans\AppData\Local\Temp\7zS32AF\HPDiagnosticCoreUI.exe FirewallRules: [{6D2F1F15-3C0E-42D6-AE20-D6008A8E6208}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{D9274A63-63A2-4CA9-B019-EE4F3E7AB58D}] => C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe FirewallRules: [{68258B38-E401-4D62-819C-8000BF851CC0}] => C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe FirewallRules: [{D2096ED2-4405-44FC-9DCA-4E370646906F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2FA767D1-A16C-4813-9274-1D5FB6C8E6DA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{EBBD37CA-B722-4AA4-99C6-E97345C41C82}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files 
(x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{72675C7A-CE4F-4BD4-8DCF-A847DE466E8E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [{01EC4E16-8031-4670-884E-C83464B31F47}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{70E98B7A-CBEF-4916-8B0A-FC8319453B4D}] => C:\Program Files\iTunes\iTunes.exe FirewallRules: [{50195A85-C599-4A74-9458-6CED8D812CAB}] => C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe FirewallRules: [{416A99C8-70BF-431A-8026-609D5BD37052}] => C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe ==================== Restore Points ========================= 14-09-2015 22:13:03 Windows Update 19-09-2015 09:32:29 Garmin Express 19-09-2015 09:39:46 Garmin Express 26-09-2015 23:00:00 Scheduled Checkpoint 11-10-2015 16:27:19 Scheduled Checkpoint 14-10-2015 02:00:42 Windows Update 22-10-2015 09:42:08 Scheduled Checkpoint 30-10-2015 00:00:03 Scheduled Checkpoint 06-11-2015 01:43:24 Garmin Express 11-11-2015 03:00:55 Windows Update 13-11-2015 03:00:10 Windows Update 20-11-2015 15:15:14 Installed HP Support Assistant 20-11-2015 15:22:40 Windows Modules Installer 20-11-2015 15:24:17 Windows Modules Installer 23-11-2015 18:12:30 Device Driver Package Install: Private Communications Network adapters 23-11-2015 18:19:33 Removed Skype™ 7.13 23-11-2015 18:23:14 Removed Skype Click to Call 23-11-2015 19:04:11 Removed Skype™ 7.15 01-12-2015 00:00:14 Scheduled Checkpoint 08-12-2015 18:11:17 Scheduled Checkpoint 10-12-2015 03:00:33 Windows Update 17-12-2015 18:45:34 Scheduled Checkpoint 22-12-2015 13:24:47 Norton_Power_Eraser_20151222131733815 08-01-2016 12:55:48 Scheduled Checkpoint 13-01-2016 03:00:45 Windows Update 20-01-2016 23:10:32 Scheduled Checkpoint 29-01-2016 19:02:44 Scheduled Checkpoint 01-02-2016 19:49:26 Garmin Express 10-02-2016 03:01:09 Windows Update 15-02-2016 03:01:10 Windows 
Update 06-03-2016 17:24:45 Scheduled Checkpoint 13-03-2016 18:10:20 Scheduled Checkpoint 14-03-2016 03:00:37 Windows Update 22-03-2016 00:58:07 Scheduled Checkpoint 06-04-2016 17:58:27 Installed OneTouch(R) Software v2.3.3 09-04-2016 14:18:54 Removed Comcast Desktop Software (v1.2.1) 15-04-2016 17:48:22 Windows Modules Installer 22-04-2016 18:35:23 Scheduled Checkpoint 29-04-2016 16:44:02 Garmin Express 16-05-2016 05:14:23 Scheduled Checkpoint 17-05-2016 02:01:27 Windows Update 02-06-2016 22:12:41 Scheduled Checkpoint 06-06-2016 18:12:00 Chrome Cleanup Tool 26-06-2016 02:02:21 Windows Update 27-06-2016 02:00:16 Windows Update 20-07-2016 02:01:02 Windows Update 28-07-2016 19:19:33 Scheduled Checkpoint 07-08-2016 10:43:41 Garmin Express 18-08-2016 21:15:42 Scheduled Checkpoint 22-08-2016 02:03:17 Windows Update 23-08-2016 02:01:26 Windows Update 10-09-2016 12:33:16 Scheduled Checkpoint 25-09-2016 12:16:45 Garmin Express 29-09-2016 02:02:41 Windows Update 06-11-2016 03:29:26 Garmin Express 07-11-2016 03:00:16 Windows Update 08-11-2016 03:01:04 Windows Update 02-12-2016 16:01:46 Garmin Express 10-12-2016 15:09:32 Installed Norton Online Backup 12-12-2016 22:14:21 Norton 360 Registry Clean 21-12-2016 22:21:50 Removed DriverUpdate 21-12-2016 22:23:00 Removed DriverUpdate 26-12-2016 03:01:16 Windows Update ==================== Faulty Device Manager Devices ============= Name: J:\ Description: SM/xD-Picture Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. 
Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: G:\ Description: Photosmart 7520 Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: HP Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: I:\ Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: K:\ Description: MS/MS-Pro Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. 
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: H:\ Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (12/26/2016 12:28:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (12/26/2016 12:28:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. 
Error: (12/25/2016 11:21:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7 Exception code: 0xc0000005 Fault offset: 0x000000000001e1ac Faulting process id: 0x890 Faulting application start time: 0x01d25e075704dbb0 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll Report Id: 8b83c989-caf0-11e6-890b-00038a000015 Error: (12/25/2016 11:21:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Explorer.EXE Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 0000000073ADE1AC Error: (12/25/2016 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location M:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). 
Error: (12/25/2016 03:03:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MusicCLMLSvc.exe, version: 4.3.4503.0, time stamp: 0x4c806a39 Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3 Exception code: 0x40000015 Fault offset: 0x000046b4 Faulting process id: 0xb40 Faulting application start time: 0x01d25eb799437516 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\MusicCLMLSvc.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Report Id: db15fb1c-caaa-11e6-890b-00038a000015 Error: (12/25/2016 03:02:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MusicCLMLSvc.exe, version: 4.3.4503.0, time stamp: 0x4c806a39 Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3 Exception code: 0x40000015 Fault offset: 0x000046b4 Faulting process id: 0x18c4 Faulting application start time: 0x01d25eb793571ad2 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\MusicCLMLSvc.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Report Id: d40ae635-caaa-11e6-890b-00038a000015 Error: (12/25/2016 03:02:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MusicCLMLSvc.exe, version: 4.3.4503.0, time stamp: 0x4c806a39 Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3 Exception code: 0x40000015 Fault offset: 0x000046b4 Faulting process id: 0xe50 Faulting application start time: 0x01d25eb78dc11f32 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\MusicCLMLSvc.exe Faulting module path: 
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Report Id: cf5a9302-caaa-11e6-890b-00038a000015 Error: (12/25/2016 03:02:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MusicCLMLSvc.exe, version: 4.3.4503.0, time stamp: 0x4c806a39 Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3 Exception code: 0x40000015 Fault offset: 0x000046b4 Faulting process id: 0x1750 Faulting application start time: 0x01d25eb7829c53fd Faulting application path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\MusicCLMLSvc.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Report Id: c9deaf73-caaa-11e6-890b-00038a000015 Error: (12/25/2016 03:02:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MusicCLMLSvc.exe, version: 4.3.4503.0, time stamp: 0x4c806a39 Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3 Exception code: 0x40000015 Fault offset: 0x000046b4 Faulting process id: 0x13a8 Faulting application start time: 0x01d25e9069014b58 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\MusicCLMLSvc.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Report Id: ba7bb576-caaa-11e6-890b-00038a000015 System errors: ============= Error: (12/26/2016 01:25:51 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{28611991-9E63-4AAC-89C9-43D22A3DF324}. The backup browser is stopping. 
Error: (12/26/2016 12:24:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Support Solutions Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (12/26/2016 12:24:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect. Error: (12/26/2016 12:21:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2016 12:21:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2016 03:19:38 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout. Error: (12/25/2016 03:42:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (12/24/2016 08:22:01 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk5\DR5. Error: (12/24/2016 08:22:00 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk5\DR5. Error: (12/24/2016 08:22:00 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk5\DR5. ==================== Memory info =========================== Processor: AMD Phenom(tm) II X6 1045T Processor Percentage of memory in use: 36% Total physical RAM: 10239.29 MB Available physical RAM: 6520.74 MB Total Virtual: 20476.75 MB Available Virtual: 16372.29 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1384.2 GB) (Free:636.99 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:12.97 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)] Drive g: () (Removable) (Total:1.84 GB) (Free:1.49 GB) FAT Drive z: (OS) (Network) (Total:1384.2 GB) (Free:636.99 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1397.3 GB) (Disk ID: D6C1A187) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1384.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 1.8 GB) (Disk ID: 83E09778) Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06) ==================== End of Addition.txt ============================ |
26.12.2016, 14:23 | #11 |
/// TB Trainer /// Instructions Guru | Adware.1Clickdownload in the registry file Now please run a detection scan: Step 1 ESET Online Scanner
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
26.12.2016, 15:59 | #12 |
| Adware.1Clickdownload in the registry file
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=93fe904f40ce464f83dee32fd69a6a6f
# end=init
# utc_time=2016-12-26 01:28:15
# local_time=2016-12-26 02:28:15 (+0100, W. Europe Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 31860
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=93fe904f40ce464f83dee32fd69a6a6f
# end=updated
# utc_time=2016-12-26 01:33:26
# local_time=2016-12-26 02:33:26 (+0100, W. Europe Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=93fe904f40ce464f83dee32fd69a6a6f
# engine=31860
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-12-26 02:47:24
# local_time=2016-12-26 03:47:24 (+0100, W. Europe Standard Time)
# country="United States"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 635964 17925173 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 164922 234393494 0 0
# scanned=117762
# found=1
# cleaned=0
# scan_time=4437
sh=0CC9B32A52DA5E9F18E67A31803AFBF524EF9F42 ft=1 fh=646f9eb894d935d0 vn="Variante von Win32/Toolbar.Conduit.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Adware Zwischenablage\quarantine\files\vrtmjpealnxmcznvhudicyhrzeglvjkj\PluginsWhiteListing.dll"
Hans Reiter |
26.12.2016, 16:11 | #13 |
/// TB Trainer /// Instructions Guru | Adware.1Clickdownload in the registry file Hello Hans, but the scan had not finished yet, had it?
__________________ Regards, deeprybka |
26.12.2016, 16:49 | #14 |
| Adware.1Clickdownload in the registry file I thought it was finished, judging by the on-screen feedback. I will run it again. |
26.12.2016, 16:51 | #15 | |
/// TB Trainer /// Instructions Guru | Adware.1Clickdownload in the registry file Quote:
__________________ Regards, deeprybka |