pop-ups and "ad not by this site"

[mwiebe71]

Here are the files generated by dds.com - I have been following the steps from your site (showtopic=9573).  Before contacting you I have run the free version of Malwarebytes several times, as well as Trend Micro and SpyBot.  MS Security Essentials is my anti-virus software.  (OS is Win7)

 

The problem started a few days ago after I installed an update to software I have had for quite some time.  Not sure if that update carried the problem, but since then the machine is almost unusable because of popups ("Your system player is out of date" and other similar intimidating sounding warnings).

 

I look forward to hearing from you and solving this problem.

Attach.txt

DDS.txt

[Maniac]

Hello mwiebe71 and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
• Please copy/paste the contents or attach that log file to your next reply.
• If needed the file can be located here: C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

[mwiebe71]

Thanks for the quick response, Borislav.  Since my original post I ran JRT and AdwCleaner.  After reading the serious disclaimers about ComboFix I wanted to check with you to be sure that is still what I should do.  I ran DDS again and here are the new logs.  should I proceed with CF?

attach.txt

dds.txt

[Maniac]

Do you want to work with me? If you run whatever you want I couldn't help you.

[mwiebe71]

I understand that - but I have been dealing with this problem for almost a week and have become quite frustrated so I tried the suggestions I found in other forum entries with similar problems.  I have not used any other tools since my previous post to you. I do not plan on "running wherever I want" and will patiently await your reply.

[Maniac]

Post your log files.

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

[mwiebe71]

Log files as requested

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Professional x64

Ran by mikew on Sun 12/29/2013 at 17:51:10.79

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411361128}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 12/29/2013 at 17:58:57.75

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2

Run by mikew at 18:36:25 on 2013-12-29

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.7991.5544 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\CrashPlan\CrashPlanService.exe

C:\SPLASH.SYS\config\DVMExportService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Users\mikew\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\CrashPlan\CrashPlanTray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\mikew\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Windows\system32\RunDll32.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\splwow64.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s

uRun: [Amazon Cloud Player] "C:\Users\mikew\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"

uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN394E4GFR05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1

mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe

mRun: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

StartupFolder: C:\Users\mikew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mikew\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\mikew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: %windir%\system32\vsocklib.dll

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{D372F017-7AFF-4039-88F3-5E9B81CC2D45} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{D372F017-7AFF-4039-88F3-5E9B81CC2D45}\37B6976796075627F523 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D372F017-7AFF-4039-88F3-5E9B81CC2D45}\742756164734F66666565605C6163656 : DHCPNameServer = 192.168.0.1 205.171.2.25

TCP: Interfaces\{F12CA606-D358-4366-B16A-2A7F3395B70A} : DHCPNameServer = 75.75.75.75 75.75.76.76

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages =  scecli DPPWDFLT

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} - 

x64-BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2011-5-4 1477728]

R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2012-10-2 70256]

R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2010-2-15 89600]

R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-5-4 2480048]

R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-6-20 173192]

R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2013-4-8 222720]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]

R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2012-6-19 1646608]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-29 3921880]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-29 1042272]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-29 171416]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-15 2320920]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]

R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-5-4 251488]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-12-7 227896]

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-12 151040]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-9-26 233984]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2010-2-15 200736]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-2-15 35104]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]

S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-14 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-15 232480]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-14 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-5 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2013-12-30 01:21:16 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{828DAC04-7831-4116-93E5-B3B34A708B62}\mpengine.dll

2013-12-30 01:12:41 -------- d-----w- C:\AdwCleaner

2013-12-30 00:51:07 -------- d-----w- C:\Windows\ERUNT

2013-12-29 21:02:09 21040 ----a-w- C:\Windows\System32\sdnclean64.exe

2013-12-29 21:02:00 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-12-29 21:01:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-12-28 09:20:13 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-12-27 16:12:02 -------- d-----w- C:\Users\mikew\AppData\Roaming\Malwarebytes

2013-12-27 16:11:49 -------- d-----w- C:\ProgramData\Malwarebytes

2013-12-27 16:11:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-12-27 16:11:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-27 15:50:35 149504 ----a-w- C:\Windows\SysWow64\UNWISE.EXE

2013-12-27 15:50:08 -------- d-----w- C:\Windows\System32\Hauppauge

2013-12-27 15:48:40 -------- d-----w- C:\MyVideos

2013-12-27 15:23:52 69632 ----a-w- C:\Windows\SysWow64\3DES.dll

2013-12-18 15:55:48 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2013-12-18 15:55:21 -------- d-----w- C:\Users\mikew\AppData\Roaming\hpqLog

2013-12-17 18:23:50 -------- d-----w- C:\ScanFrom8600

2013-12-16 22:46:58 741480 ------w- C:\Windows\System32\HPDiscoPM5912.dll

2013-12-16 22:43:52 -------- d-----w- C:\Program Files\HP

2013-12-12 10:03:56 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-12 10:03:56 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 10:03:55 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2013-12-12 10:03:55 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2013-12-12 10:01:59 2334208 ----a-w- C:\Windows\System32\wininet.dll

2013-12-12 10:01:59 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-12-12 10:01:59 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-12-12 10:01:56 5769216 ----a-w- C:\Windows\System32\jscript9.dll

2013-12-12 10:01:56 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-12-10 13:08:01 -------- d-----w- C:\ProgramData\CrashPlan

2013-12-10 13:08:01 -------- d-----w- C:\Program Files\CrashPlan

2013-12-10 13:07:12 -------- d-----w- C:\Users\mikew\AppData\Roaming\CrashPlan

2013-12-09 15:56:16 -------- d-----w- C:\Users\mikew\AppData\Local\Amazon Cloud Player

2013-12-06 08:40:50 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80C28C5F-1507-4123-B84E-19A3E8C7C807}\gapaengine.dll

.

==================== Find3M  ====================

.

2013-12-27 15:28:25 96256 ----a-w- C:\Windows\SysWow64\hcwCPem.ax

2013-12-27 15:28:25 70944 ----a-w- C:\Windows\HCWemmon.exe

2013-12-27 15:28:25 658560 ----a-w- C:\Windows\System32\drivers\emBDA64.sys

2013-12-27 15:28:25 151808 ----a-w- C:\Windows\System32\drivers\emOEM64.sys

2013-12-27 15:28:25 134144 ----a-w- C:\Windows\System32\emPRP64.ax

2013-12-27 15:28:25 126464 ----a-w- C:\Windows\SysWow64\emPRP.ax

2013-12-27 15:28:25 101376 ----a-w- C:\Windows\System32\hcwCPem64.ax

2013-12-27 15:28:24 70144 ----a-w- C:\Windows\System32\drivers\emAudio64.sys

2013-12-27 15:28:24 59392 ----a-w- C:\Windows\SysWow64\bdadll.dll

2013-12-27 15:28:24 58880 ----a-w- C:\Windows\System32\bdadll64.dll

2013-12-27 15:28:10 106552 ----a-w- C:\Windows\SysWow64\hcwi2c32.dll

2013-12-11 09:47:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-11 09:47:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll

2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-10-21 22:44:22 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-10-21 22:44:18 873384 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-10-21 22:44:17 796072 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx

2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll

2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx

2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll

2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe

2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe

2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe

2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe

2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys

2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys

2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

.

============= FINISH: 18:36:48.62 ===============

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional 

Boot Device: \Device\HarddiskVolume1

Install Date: 5/4/2011 7:28:47 PM

System Uptime: 12/29/2013 6:17:22 PM (0 hours ago)

.

Motherboard: Hewlett-Packard |  | 140A

Processor: Intel® Core i3 CPU       M 330  @ 2.13GHz | CPU | 1983/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 280 GiB total, 122.281 GiB free.

D: is FIXED (NTFS) - 17 GiB total, 2.798 GiB free.

E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.

F: is CDROM ()

G: is FIXED (NTFS) - 932 GiB total, 431.915 GiB free.

H: is FIXED (NTFS) - 699 GiB total, 7.713 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8500 A909g

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet Pro 8500 A909g

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service: 

.

==== System Restore Points ===================

.

RP122: 12/18/2013 8:48:50 AM - Windows Update

RP123: 12/18/2013 8:53:34 AM - HPSF Applying updates

RP124: 12/18/2013 8:55:58 AM - Installed HP Support Assistant

RP125: 12/18/2013 8:59:23 AM - Windows Modules Installer

RP126: 12/18/2013 9:00:14 AM - Windows Modules Installer

RP127: 12/20/2013 7:56:04 AM - HPSF Applying updates

RP128: 12/20/2013 7:56:05 AM - HPSF Applying updates

RP129: 12/20/2013 7:58:58 AM - Installed HP Quick Launch Buttons

RP130: 12/22/2013 2:00:18 AM - Windows Update

RP131: 12/23/2013 8:31:11 AM - Installed Google Earth.

RP132: 12/25/2013 8:48:56 AM - Windows Update

RP134: 12/28/2013 2:12:47 PM - Microsoft Antimalware Checkpoint

RP135: 12/29/2013 8:18:02 AM - Windows Update

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

8500A909_eDocs

8500A909_Help

8500A909g

Acrobat.com

Acronis True Image Home

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.1 MUI

Adobe Shockwave Player

Agent Ransack 2010 (64-bit)

Alps Touch Pad Driver

Amazon Cloud Player

Amazon Kindle

Atheros Driver Installation Program

Avery Wizard 4.0

Bing Desktop

BPD_DSWizards

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CCleaner

CrashPlan

CyberLink DVD Suite

Destinations

DeviceDiscovery

DigitalPersona Personal 4.11

DocMgr

DocProc

Dropbox

DVD Menu Pack for HP MediaSmart Video

ENE CIR Receiver Driver

ESU for Microsoft Windows 7

Fax

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.1.0.880

GPBaseService2

Hauppauge English Help Files and Resources

Hauppauge MCE XP/Vista Software Encoder (2.0.27022)

Hauppauge WinTV

Hauppauge WinTV Location Manager

Hauppauge WinTV Radio

Hauppauge WinTV Scheduler

Hauppauge WinTV Soft PVR

Hauppauge WinTV2000

Hewlett-Packard ACLM.NET v1.2.1.1

HP 3D DriveGuard

HP Advisor

HP Customer Experience Enhancements

HP Customer Participation Program 14.0

HP Document Manager 2.0

HP IDF Software

HP Imaging Device Functions 14.0

HP Integrated Module with Bluetooth wireless technology

HP MediaSmart DVD

HP MediaSmart Internet TV

HP MediaSmart Live TV

HP MediaSmart Music/Photo/Video

HP MediaSmart SlingPlayer

HP MediaSmart SmartMenu

HP MediaSmart Software Notebook Demo

HP MediaSmart Webcam

HP MediaSmart/TouchSmart Netflix

HP Officejet Pro 8500 A909 Series

HP Officejet Pro 8600 Basic Device Software

HP Officejet Pro 8600 Help

HP Officejet Pro 8600 Product Improvement Study

HP Quick Launch Buttons

HP QuickWeb

HP Setup

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Support Assistant

HP Update

HP User Guides 0186

HP Wireless Assistant

HPDiagnosticAlert

HPProductAssistant

HPSSupply

Hulu Desktop

I.R.I.S. OCR

IDT Audio

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Matrix Storage Manager

InterVideo FilterSDK for Hauppauge

Java 7 Update 45

Java Auto Updater

Java SE Development Kit 6 Update 15 (64-bit)

Junk Mail filter update

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Live Search Toolbar

Microsoft Mouse and Keyboard Center

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard Edition 2003

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Movie Theme Pack for HP MediaSmart Video

MPM

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

Norton Online Backup

OCR Software by I.R.I.S. 14.0

Power2Go

PowerDirector

ProductContext

QLBCASL

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek USB2.0&PCIE Card Reader

Recovery Manager

Rosetta Stone Ltd Services

Rosetta Stone TOTALe

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 

Shop for HP Supplies

SmartWebPrinting

SolutionCenter

Spybot - Search & Destroy

Status

TomTom HOME

TomTom HOME Visual Studio Merge Modules

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VMware Player

VMwarePlayer_x64

WebReg

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

12/29/2013 6:19:15 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================

 

 

[Maniac]

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Clean.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

[mwiebe71]

This is the log from AdwCleaner that I ran yesterday (before your instructions).  Since then I have not seen the pop-ups or the "ad not by this site" on other web pages.  I am sending you this log but I will wait for your reply before running AdwCleaner again.  I want to try to be sure you have all the information in spite of the fact that I did some parts on my own, out of sequence, "running wherever I wanted."  I won't do that again, so I wanted to be sure you understood the situation after I ran it yesterday.

 

# AdwCleaner v3.016 - Report created 29/12/2013 at 18:14:52

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : mikew - HPWIN7

# Running from : H:\Component Setup\AdwCleaner\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files (x86)\weDownload Manager Pro

Folder Deleted : C:\Users\mikew\AppData\LocalLow\weDownload Manager Pro

Folder Deleted : C:\Users\mikew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13a747ac-0f75-4834-889a-033e8f849beb}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2ff0943e-3ec4-4e3a-94c4-b7a2d3650ff6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c325bb22-92cd-42c3-99e5-6cb47d88377c}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c93b67c2-12bf-469d-9b8c-a20a807e7d99}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d71aadf3-fa71-478f-bd7a-c531dd46acb2}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13a747ac-0f75-4834-889a-033e8f849beb}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2ff0943e-3ec4-4e3a-94c4-b7a2d3650ff6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c325bb22-92cd-42c3-99e5-6cb47d88377c}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c93b67c2-12bf-469d-9b8c-a20a807e7d99}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d71aadf3-fa71-478f-bd7a-c531dd46acb2}

Key Deleted : HKCU\Software\AppDataLow\Software\weDownload Manager Pro

Key Deleted : HKLM\Software\DeviceVM

Key Deleted : HKLM\Software\weDownload Manager Pro

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload Manager Pro

Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\mikew\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [6717 octets] - [29/12/2013 18:13:13]

AdwCleaner[s0].txt - [3862 octets] - [29/12/2013 18:14:52]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3922 octets] ##########

[Maniac]

Okay, momitor your system and come back to let me know how are things there.

[AdvancedSetup]

Are you still with us?

[mwiebe71]

Yes I am still here.  As suggested I am watching carefully for evidence of the malware I was having trouble with.  It seems to be better (or maybe even cured) but with the holidays I have not been as active on this machine as usual.  I want to watch for another day or two before I feel "safe."  I will report back later this week or early next week.

[AdvancedSetup]

Okay sounds good but generally speaking if there is no feedback for 3 days we normally will close your topic. 

 

Thanks

[AdvancedSetup]

Are you still with us?  I will go ahead and close the topic if we don't hear back otherwise.

 

Thanks

[mwiebe71]

It has been several days since I have seen the problem with pop-up ads, so hopefully it has been solved.  Thanks for the help.

[AdvancedSetup]

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

• Turn off all active protection software including your antivirus.
• Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
• Please copy and past the following into the box ComboFix /Uninstall and click OK.
• Note the space between the X and the /Uninstall, it needs to be there.
  

 
Remove the rest of the tools used:
 

Please download

OTCleanIt

and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

• Double-click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
• If asked to restart the computer, please do so
  

Note:

If you receive a warning from your firewall or other security programs regarding

OTCleanIt

attempting to contact the internet, please allow it to do so.

AdwCleaner Removal:

• Double click on AdwCleaner.exe to run the tool.
• Click on Uninstall
• Confirm with Yes
  

ESET antivirus Removal:

• This tool can be uninstalled via the Control Panel, Programs, Uninstall
  

 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

• How Malware Spreads - How did I get infected
• Best Practices for Safe Computing - Prevention of Malware Infection
• Avoiding those unwanted free applications
• A close look at how Oracle installs deceptive software with Java updates
• IAC / Ask.com toolbars
• Malwarebytes Unpacked Blog
  

If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!