
Powered by, unsolicited new tabs, popups making my browsing a bust.


  • This topic is locked
6 replies to this topic

#1 TheGerkin

    Member

  • Full Member
  • 3 posts

Posted 14 June 2015 - 09:54 AM

Hello,
     I have read the FAQ and am attempting to follow the directions.
     My problem is with Firefox.  "Powered by" will take over a web page after a bit.
A new tab will open when I click on something on my existing page.  The new page will be
an advertisement, most of the time for some PCKeeper, PCFix, or the like.  I get popups.
Their content can pretty much be just about anything.  Sometimes the popups slide in from
the sides, or appear at the top of the body, pretty much they try to be as disruptive as
possible.  I tried uninstalling and reinstalling Firefox, to no avail.  Even decided to use IE,
but it showed similar signs of being infected.
     When I go to sites (banking, quiitrak, etc.)  where I am working instead of searching, the
effects are minimal.  There is the constant highlighting and color change and font size increasing
of certain key words.  But the popups do not seem to make it.

     I have run the three programs you have requested, and here are the logs:
First, DDS.TXT:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17356  BrowserJavaVersion: 11.45.2
Run by Christian at 19:47:24 on 2015-06-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.1412 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickBooksDB22] C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe -n QB_CHRISTIAN-LAPG6_22 -qs -gd ALL -gk all -gp 4096 -gu all -ch 256M -c 128M  -x tcpip(BroadcastListener=NO;port=55348) -ti 0 -ec simple  -qi -qw  -tl 120 -oe C:\PROGRA~3\Intuit\QUICKB~2\DBSTAR~1.LOG -y
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: addon.downloadterms.com
Trusted Zone: addon.downloadterms.com
Trusted Zone: addon.downloadterms.com
Trusted Zone: addon.downloadterms.com
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\4416C6C6E65627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{939CAAF4-2430-43E3-9E91-8137E331428C} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Media+PlayerVidEd2.5: {11111111-1111-1111-1111-110611791113} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fkbv0kaa.default-1429128040315\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Christian\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Christian\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-15 204288]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 124568]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-13 46136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-3-13 333416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-13 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 HP DS Service;HP DS Service;C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [2011-10-17 13824]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2011-11-13 15360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-5 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2015-4-6 31800]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-28 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-8 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304]
S4 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
S4 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2012-5-2 164864]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-9-18 14624]
S4 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-12-6 1248256]
S4 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB22 [?]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-06-13 12:00:37    1187344    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87AEB5DD-1D8C-4667-AF20-DD9056C4DB93}\gapaengine.dll
2015-06-13 11:59:11    12214312    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{72F7CFB8-6AD6-4989-83FD-FB2312910FAC}\mpengine.dll
2015-06-12 12:00:25    12214312    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-10 12:03:54    1187344    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6D3692E6-DD13-452C-83D0-ACCB1824C5CA}\gapaengine.dll
2015-06-05 12:09:30    298608    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\tobedeleted\rep2136.tmp
2015-06-05 11:58:26    1187344    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3AC463FE-1A76-4475-9231-B33C290FDA03}\gapaengine.dll
2015-06-02 18:16:23    1187344    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15C89757-3CD2-417D-95AB-5196EB2422BF}\gapaengine.dll
2015-05-18 14:44:45    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 14:44:45    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 14:37:57    1647104    ----a-w-    C:\Windows\System32\DWrite.dll
.
==================== Find3M  ====================
.
2015-06-10 16:47:21    778416    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2015-06-10 16:47:21    142512    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-03 21:56:36    97888    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-05 01:29:39    342016    ----a-w-    C:\Windows\System32\schannel.dll
2015-05-05 01:12:49    248832    ----a-w-    C:\Windows\SysWow64\schannel.dll
2015-04-27 19:28:36    5569984    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35    155584    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21    1728960    ----a-w-    C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57    47104    ----a-w-    C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57    404992    ----a-w-    C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53    112640    ----a-w-    C:\Windows\System32\smss.exe
2015-04-27 19:22:47    296960    ----a-w-    C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46    43008    ----a-w-    C:\Windows\System32\relog.exe
2015-04-27 19:22:35    31232    ----a-w-    C:\Windows\System32\lsass.exe
2015-04-27 19:22:34    104448    ----a-w-    C:\Windows\System32\logman.exe
2015-04-27 19:22:26    19456    ----a-w-    C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08    338432    ----a-w-    C:\Windows\System32\conhost.exe
2015-04-27 19:21:37    64000    ----a-w-    C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37    60416    ----a-w-    C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55    3934144    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54    3989440    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02    1310744    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34    635392    ----a-w-    C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29    92160    ----a-w-    C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17    221184    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33    641536    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24    40448    ----a-w-    C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24    364544    ----a-w-    C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12    37888    ----a-w-    C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04    82944    ----a-w-    C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58    17408    ----a-w-    C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52    50176    ----a-w-    C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33    60416    ----a-w-    C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2015-04-27 18:06:48    36864    ----a-w-    C:\Windows\System32\UtcResources.dll
2015-04-27 17:57:32    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 14:33:27    1763328    ----a-w-    C:\Windows\SysWow64\wininet.dll
2015-04-21 14:33:25    524288    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2015-04-21 14:33:03    2864640    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2015-04-21 14:33:02    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2015-04-21 14:33:02    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2015-04-21 14:32:45    1441280    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 13:53:34    2237440    ----a-w-    C:\Windows\System32\wininet.dll
2015-04-21 13:53:29    601600    ----a-w-    C:\Windows\System32\vbscript.dll
2015-04-21 13:52:53    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2015-04-21 13:52:51    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2015-04-21 13:52:51    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2015-04-21 13:52:36    1509376    ----a-w-    C:\Windows\System32\inetcpl.cpl
2015-04-20 03:17:07    1179136    ----a-w-    C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29    1250816    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23    3204608    ----a-w-    C:\Windows\System32\win32k.sys
2015-04-18 03:10:57    460800    ----a-w-    C:\Windows\System32\certcli.dll
2015-04-18 03:06:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2015-04-18 02:59:05    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2015-04-18 02:56:57    342016    ----a-w-    C:\Windows\SysWow64\certcli.dll
2015-04-18 02:37:08    361984    ----a-w-    C:\Windows\SysWow64\html.iec
2015-04-18 02:34:17    441856    ----a-w-    C:\Windows\System32\html.iec
2015-04-18 02:12:40    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-04-18 02:09:03    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2015-04-14 09:38:52    1217192    ----a-w-    C:\Windows\SysWow64\FM20.DLL
2015-04-13 03:28:33    328704    ----a-w-    C:\Windows\System32\services.exe
2015-04-08 03:29:07    275456    ----a-w-    C:\Windows\System32\InkEd.dll
2015-04-08 03:14:07    216064    ----a-w-    C:\Windows\SysWow64\InkEd.dll
2015-04-06 16:10:35    24064    ----a-w-    C:\Windows\zoek-delete.exe
2015-03-25 03:24:41    98304    ----a-w-    C:\Windows\System32\wudriver.dll
2015-03-25 03:24:41    3298816    ----a-w-    C:\Windows\System32\wucltux.dll
2015-03-25 03:24:41    191488    ----a-w-    C:\Windows\System32\wuwebv.dll
2015-03-25 03:24:08    60416    ----a-w-    C:\Windows\System32\WinSetupUI.dll
2015-03-25 03:23:58    12288    ----a-w-    C:\Windows\System32\wu.upgrade.ps.dll
2015-03-25 03:23:55    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2015-03-25 03:00:57    92672    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2015-03-25 03:00:57    173056    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2015-03-25 03:00:15    33792    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2015-03-23 03:25:15    726528    ----a-w-    C:\Windows\System32\generaltel.dll
2015-03-23 03:25:01    769536    ----a-w-    C:\Windows\System32\invagent.dll
2015-03-23 03:24:56    419840    ----a-w-    C:\Windows\System32\devinv.dll
2015-03-23 03:24:54    957952    ----a-w-    C:\Windows\System32\appraiser.dll
2015-03-23 03:24:53    30720    ----a-w-    C:\Windows\System32\acmigration.dll
2015-03-23 03:24:53    227328    ----a-w-    C:\Windows\System32\aepdu.dll
2015-03-23 03:24:53    192000    ----a-w-    C:\Windows\System32\aepic.dll
.
============= FINISH: 19:49:17.89 ===============

Next Checkup.txt:

 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1    
 Java 8 Update 45  
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.188  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

And Last is the Log from the scan by Malwarebytes MBAM.TXT.
I ran one scan with 10 items found.  I have the saved file here.
Then I ran the scan again. I am also showing that MBAM.TXT.

The first MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/13/2015
Scan Time: 9:40:56 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.13.07
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 471781
Time Elapsed: 52 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, , [231868526723e55184e8ec04fb08b64a],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DDD73DA-158D-4CAD-AE39-47FEC7FAD8E4}, , [8ab1556591f98ea85fc51c6c5ca9aa56],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A1D6DF45-2AE7-4995-8A9E-4DDC4410E2A5}, , [0239645690fa2f0780a2f89017ee27d9],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [f447aa10c0cae1553ed896f771944ab6],

Registry Values: 2
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1ddd73da-158d-4cad-ae39-47fec7fad8e4}|AppName, Media+PlayerVidEd2.5-codedownloader.exe, , [8ab1556591f98ea85fc51c6c5ca9aa56]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a1d6df45-2ae7-4995-8a9e-4ddc4410e2a5}|AppName, Media+PlayerVidEd2.5-bg.exe, , [0239645690fa2f0780a2f89017ee27d9]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.Updating.A, C:\Windows\System32\Tasks\sup_games_updating_service, , [7ac1506a404a3ff79d6f737e52b17c84],
PUP.Optional.Updating.A, C:\Windows\Tasks\sup_games_updating_service.job, , [b18ab1097812102684897d746e9506fa],
PUP.Optional.Notification.A, C:\Windows\Tasks\sup_games_notification_service.job, , [db60dddde4a6d95dc86dfcf5ec17f50b],
PUP.Optional.Notification.A, C:\Windows\System32\Tasks\sup_games_notification_service, , [ac8fc9f1eaa0e5510036d21f0df6b24e],

Physical Sectors: 0
(No malicious items detected)


(end)


Here is the Second MBAM.TXT file which was generated after I cleaned out the 10 incidents
that were found in the scan above this text:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/13/2015
Scan Time: 10:48:59 PM
Logfile: MBAM2.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.13.07
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 472266
Time Elapsed: 1 hr, 0 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

I hope I have presented the post information in a manner that makes your efforts easier.
Should you need anything further, please let me know.



#2 Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 7,803 posts

Posted 15 June 2015 - 12:28 AM

Hello TheGerkin. Welcome to SWI.

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach it to your reply.

You have used an out of date copy of Security Check. Please delete your copy and download a fresh copy from http://www.spywarein...showtopic=79038. The latest version is: 1.004.

 

 

Please post:

ADWCleaner log.

FRST log.

Security Check log.

 

How's the computer performing now?

 

 

Rocket Grannie.




 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#3 TheGerkin

Posted 16 June 2015 - 07:44 PM

Hello Rocket Grannie,
  I was following your instructions and preparing the logs for ADW, FRST and Security Check.
At the end of your text you asked "How's the computer running now?".
  After following all your instructions, I tested out a couple of sites that had previously been obnoxious
with symptoms.  I had to have a coworker, my wife, check it out also, because in the words
of the leper "Jesus, I'm cured, I'm cured."
  Thank you for your help!
  I assume you do not want the copies of the logs at this time.
Thanks again,
The Gerkin

#4 Rocket Grannie

Posted 16 June 2015 - 07:50 PM

Hello TheGerkin

 

I am glad the popups appear to be gone. However, I doubt that the computer will be completely clean yet.

Please post the requested logs so I can check for any leftovers.

 

 

Rocket Grannie.



#5 TheGerkin

Posted 16 June 2015 - 08:31 PM

Hello Rocket Grannie,

BELOW IS THE TEXT I PREPARED FOR YOU BEFORE I DID MY HAPPY DANCE OF CURED.

First, let me thank you for taking time to look into my problem.

Per your instructions, I have downloaded ADWCleaner and run it.
I cleaned 4 files and 3 registry items. The resulting ADWCleaner[S1].txt log is listed first.

Then I downloaded the Farbar Recovery Scan Tool and ran it.
The FRST.txt file and the Addition.txt file are listed next.

Then I downloaded the latest version of securecheck and ran it.
I ran it and the checkit.txt log file is presented last.


THE FOLLOWING IS THE ADWCLEANER.TXT LOG

File Deleted : C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
File Deleted : C:\Users\Christian\AppData\Roaming\GDIPFONTCACHEV1.DAT
File Deleted : C:\Program Files (x86)\Mozilla Firefox\my.cfg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\my-prefs.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Universal
Key Deleted : HKLM\SOFTWARE\W3I
Key Deleted : HKU\.DEFAULT\Software\AnyProtect

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17356


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


*************************

AdwCleaner[S1].txt - [668 bytes] - [16/06/2015 12:44:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [726 bytes] ##########





THE FOLLOWING IS THE FRST.TXT LOG FILE:




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Christian (administrator) on CHRISTIAN-LAPG6 on 16-06-2015 13:17:18
Running from C:\- ALL\In-house Hardware and Software\System\Virus Cleaners and Killers\FRST Recovery Tool
Loaded Profiles: Christian (Available Profiles: Christian & QBDataServiceUser22 & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickBooksDB22] => C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe [679936 2015-02-27] (Intuit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-490523010-3529280521-2036877387-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-490523010-3529280521-2036877387-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-490523010-3529280521-2036877387-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Media+PlayerVidEd2.5 -> {11111111-1111-1111-1111-110611791113} -> C:\Program Files (x86)\Media+PlayerVidEd2.5\Media+PlayerVidEd2.5-bho64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-03] (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2015-02-27] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fkbv0kaa.default-1429128040315
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-490523010-3529280521-2036877387-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Christian\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-24] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-07-22] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-03-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-03-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-03-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-03-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-03-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-03-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-03-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Christian\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-03-27] (Cisco WebEx LLC)
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\qnecriolahfk@xzqgbwzoamwuwufy.org [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-15] (Advanced Micro Devices, Inc.) [File not signed]
S4 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S4 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-12-06] (Intuit Inc.) [File not signed]
S4 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.) [File not signed]
S4 QuickBooksDB22; C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe [679936 2015-02-27] (Intuit, Inc.) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 12:47 - 2015-06-16 12:47 - 00071104 _____ C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 12:44 - 2015-06-16 12:49 - 00000000 ____D C:\AdwCleaner
2015-06-16 10:45 - 2015-06-16 10:45 - 00688992 _____ (Swearware) C:\Users\Christian\Downloads\dds(1).com
2015-06-16 10:39 - 2015-06-16 10:39 - 00688992 ____R (Swearware) C:\Users\Christian\Downloads\dds.com
2015-06-13 22:01 - 2015-06-13 22:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-13 22:01 - 2015-06-13 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-06-13 22:01 - 2015-06-13 22:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-06-13 22:00 - 2015-06-13 22:00 - 03020968 _____ (Malwarebytes ) C:\Users\Christian\Downloads\mbae-setup-1.06.1.1019.exe
2015-06-13 21:31 - 2015-06-13 21:37 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-13 21:31 - 2015-06-13 21:36 - 00001161 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-13 21:31 - 2015-06-13 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-13 21:31 - 2015-06-13 21:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-13 21:31 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-13 21:31 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-13 21:31 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-03 15:54 - 2015-06-03 15:54 - 00561248 _____ (Oracle Corporation) C:\Users\Christian\Downloads\jxpiinstall(1).exe
2015-06-02 07:55 - 2015-06-16 12:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-18 08:44 - 2015-05-01 07:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 08:44 - 2015-05-01 07:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 14374400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-18 08:40 - 2015-04-21 08:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-18 08:40 - 2015-04-21 08:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 08:40 - 2015-04-21 07:53 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 08:40 - 2015-04-21 07:53 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 08:40 - 2015-04-21 07:53 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 08:40 - 2015-04-21 07:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-18 08:40 - 2015-04-21 07:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 08:40 - 2015-04-21 07:52 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 08:40 - 2015-04-21 07:52 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-18 08:40 - 2015-04-21 07:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-18 08:40 - 2015-04-17 21:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-18 08:40 - 2015-04-17 20:59 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-18 08:40 - 2015-04-17 20:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 08:40 - 2015-04-17 20:34 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 08:40 - 2015-04-17 20:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-05-18 08:40 - 2015-04-17 20:09 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-18 08:37 - 2015-05-04 19:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-18 08:37 - 2015-05-04 19:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-18 08:37 - 2015-04-19 21:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 08:37 - 2015-04-19 21:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 08:37 - 2015-04-19 20:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-18 08:37 - 2015-04-19 20:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-18 08:37 - 2015-04-17 21:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-18 08:37 - 2015-04-17 20:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-18 08:37 - 2015-04-12 21:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-18 08:37 - 2015-04-07 21:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-18 08:37 - 2015-04-07 21:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 13:17 - 2015-04-06 08:12 - 00000000 ____D C:\FRST
2015-06-16 13:14 - 2011-03-13 02:39 - 01760954 _____ C:\Windows\WindowsUpdate.log
2015-06-16 13:06 - 2014-11-13 15:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 12:55 - 2009-07-13 22:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-16 12:55 - 2009-07-13 22:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-16 12:47 - 2015-04-06 12:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-16 12:47 - 2014-11-13 15:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-16 12:47 - 2011-03-13 02:45 - 00881456 _____ C:\Windows\PFRO.log
2015-06-16 12:47 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-16 12:47 - 2009-07-13 22:51 - 00070921 _____ C:\Windows\setupact.log
2015-06-16 12:45 - 2014-02-27 06:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 11:01 - 2009-07-13 23:13 - 00866876 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 10:48 - 2015-04-13 17:03 - 00022890 _____ C:\Users\Christian\Desktop\dds.txt
2015-06-16 10:48 - 2015-04-13 17:03 - 00012576 _____ C:\Users\Christian\Desktop\attach.txt
2015-06-13 22:06 - 2011-06-22 15:00 - 00000000 ____D C:\Users\Christian\AppData\Local\CrashDumps
2015-06-10 10:47 - 2014-02-27 06:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 10:47 - 2012-11-05 09:32 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 10:47 - 2011-06-22 14:18 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-05 09:10 - 2012-01-14 22:35 - 00000000 ____D C:\- Degele
2015-06-03 16:37 - 2013-09-20 21:55 - 00000000 ____D C:\Users\Christian\Downloads\Ocwen
2015-06-03 16:23 - 2013-10-25 06:06 - 00000000 ____D C:\ProgramData\Oracle
2015-06-03 16:16 - 2011-01-14 12:21 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-03 15:56 - 2014-11-03 08:59 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-18 11:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-05-18 10:09 - 2009-07-13 22:45 - 00320048 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-18 10:08 - 2013-04-20 10:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-18 10:08 - 2013-04-20 10:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 10:06 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-18 09:21 - 2011-05-08 18:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-18 09:20 - 2012-06-23 06:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-18 09:20 - 2012-01-18 13:41 - 00001945 _____ C:\Windows\epplauncher.mif
2015-05-18 09:20 - 2012-01-18 13:38 - 00002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-18 09:20 - 2012-01-18 13:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-18 09:16 - 2013-09-01 06:55 - 00000000 ____D C:\Windows\system32\MRT
2015-05-18 08:51 - 2011-06-17 05:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-18 08:44 - 2013-04-20 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-17 20:11 - 2011-05-08 13:09 - 00003232 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCHRISTIAN-LAPG6$
2015-05-17 20:11 - 2011-05-08 13:09 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForCHRISTIAN-LAPG6$.job

==================== Files in the root of some directories =======

2012-11-09 10:21 - 2013-04-19 07:42 - 0007605 _____ () C:\Users\Christian\AppData\Local\Resmon.ResmonCfg
2012-06-08 11:19 - 2012-06-08 11:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-12-24 10:45 - 2015-01-21 17:35 - 0001255 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-08 11:08 - 2015-01-08 12:18 - 0001781 _____ () C:\ProgramData\tempimage.bmp
2011-03-13 02:49 - 2011-03-13 02:49 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2011-01-14 12:18 - 2011-01-14 12:19 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-03-13 02:49 - 2011-03-13 02:49 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2011-01-14 12:17 - 2011-01-14 12:18 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-03-13 02:48 - 2011-03-13 02:48 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-01-14 12:16 - 2011-01-14 12:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3favrg.dll
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
C:\Users\Christian\AppData\Local\Temp\sqlite3.dll
C:\Users\Christian\AppData\Local\Temp\swt-win32-3448.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 00:32

==================== End of log ============================




THE FOLLOWING IS THE ADDITION.TXT FILE CREATED BY FARBAR. YOU DID NOT
REQUEST IT, BUT I THREW IT IN ANYWAY:




Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Christian at 2015-06-16 13:19:23
Running from C:\- ALL\In-house Hardware and Software\System\Virus Cleaners and Killers\FRST Recovery Tool
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-490523010-3529280521-2036877387-500 - Administrator - Disabled)
Christian (S-1-5-21-490523010-3529280521-2036877387-1001 - Administrator - Enabled) => C:\Users\Christian
Guest (S-1-5-21-490523010-3529280521-2036877387-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-490523010-3529280521-2036877387-1006 - Limited - Enabled)
QBDataServiceUser22 (S-1-5-21-490523010-3529280521-2036877387-1007 - Limited - Enabled) => C:\Users\QBDataServiceUser22

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3sixty Freight Match (HKU\S-1-5-21-490523010-3529280521-2036877387-1001\...\136e33ada5e2a0f1) (Version: 3.8.5385.19310 - TransCore)
3sixty Freight Match Prerequisites (HKLM-x32\...\{3D38DA45-A4F2-42F1-9043-E8D606DEB38B}) (Version: 1.0.0 - TransCore)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{16563676-2243-041A-DC00-5F0A34FA17F2}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C5150n - C5200n Series GDI Driver from OKI® Printing Solutions for Windows (HKLM-x32\...\{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}) (Version: 210 - OKI® Printing Solutions)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.1215.1159.21448 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-490523010-3529280521-2036877387-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileZilla Client 3.5.0 (HKLM-x32\...\FileZilla Client) (Version: 3.5.0 - )
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{B6A3EAE4-3727-46A4-A659-8576BF7C8C8D}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{F638F65B-B435-44E0-9382-7F90BDB003E2}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{53CD60C7-12F9-420D-A9BF-EC8D815475A9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.12201.1116 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP On Screen Display (HKLM-x32\...\{124DB96E-CBF5-44FB-AB59-7D2444DEC777}) (Version: 1.0.7 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{AF306BD8-F9D1-4627-89B9-246E59074A05}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{35D2E477-8524-4294-9D6A-D8481328389F}) (Version: 4.0.80.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - )
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe System Software (HKLM-x32\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOK) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Punch! Super Home Suite (HKLM-x32\...\Punch! Super Home Suite) (Version: - )
QuickBooks (x32 Version: 22.0.4016.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM-x32\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4016.2206 - Intuit Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.72 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax Audit Support Center 3.0 (HKLM-x32\...\{E371C150-A9F1-49CE-ACC1-51AEFD01C1D5}_is1) (Version: - TurboTax)
TurboTax Business 2012 (HKLM-x32\...\TurboTax Business 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax Business 2013 (HKLM-x32\...\TurboTax Business 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax Business 2014 (HKLM-x32\...\TurboTax Business 2014) (Version: 2014.0 - Intuit, Inc)
USB Disk Storage Format Tool 5.0 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Vocalocity Desktop (HKU\S-1-5-21-490523010-3529280521-2036877387-1001\...\2620787867.vpf.cloudapp.net) (Version: - vpf.cloudapp.net)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-490523010-3529280521-2036877387-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points =========================

28-05-2015 00:00:20 Windows Backup
29-05-2015 00:00:22 Windows Backup
29-05-2015 12:10:26 Windows Update
30-05-2015 00:00:21 Windows Backup
31-05-2015 00:00:20 Windows Backup
01-06-2015 00:00:23 Windows Backup
02-06-2015 12:11:41 Windows Update
06-06-2015 05:57:47 Windows Update
10-06-2015 06:00:19 Windows Update
14-06-2015 02:03:46 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {018AE16F-47B1-4473-835E-BE9051A68AA4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-490523010-3529280521-2036877387-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {35DDCE7D-5F6D-4141-9604-74DCA2BB62B0} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {3C6CD6FC-BF5C-4D1B-A113-021612377A0B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {3EB186CD-4E96-4561-B1AE-181D10DDA405} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-490523010-3529280521-2036877387-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5441AD73-2E92-4142-B2D3-EBFF3B5AC5B2} - System32\Tasks\HPCeeScheduleForCHRISTIAN-LAPG6$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {639BC907-B472-41FD-8FAF-A4BDE978D572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {74A526DD-CBB1-4486-B413-26AFAA28960A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {7E5E33C6-23A4-42FF-AAAD-776C42821EA5} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {9CA859A5-E8DA-4C4E-9A82-F2F22BB39E47} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {9DDDD51A-7DDC-4AF7-B0E8-4FBC1F67F870} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {A510FD9A-35BC-44D7-AF3E-20B3AAF2E8BC} - System32\Tasks\{DA292985-2E3F-457B-B19B-33A62F50D8EC} => pcalua.exe -a C:\PROGRA~2\ANYTIM~1\ANYTIM~1\UNWISE.EXE -c C:\PROGRA~2\ANYTIM~1\ANYTIM~1\INSTALL.LOG
Task: {A62CD87D-A423-4C9A-9CD3-7BD604132F62} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30] (Hewlett-Packard Co.)
Task: {AE5EB273-E3F7-4875-8B93-F0CD26AE03F5} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Task: {BA572EBD-20FC-4283-A45B-53C1DFCCE496} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CE0C03DC-7F76-4A1E-B494-62E6805FAE8B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D1B9DDD5-5CB6-4DC3-81C1-1B11FDD9CB1D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-08] (Microsoft Corporation)
Task: {D964251A-1179-4B42-B7B6-0B7943734665} - System32\Tasks\{483ABA99-8133-495C-A2D1-B564C12954A7} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F923CDFD-4391-4C01-8600-9342AC2A5754} - System32\Tasks\{3AD44D91-3CEB-443F-A7E0-6BCBD29E66BA} => pcalua.exe -a "F:\- JCD\- ALLJCD\ALL Downloads\SuperAntiSpyware W7 Internet Virus Fix\SUPERAntiSpyware.exe" -d "F:\- JCD\- ALLJCD\ALL Downloads\SuperAntiSpyware W7 Internet Virus Fix"
Task: {FC7344DD-BCAC-4F0B-855A-3899A64A9500} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCHRISTIAN-LAPG6$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-02 08:42 - 2010-01-02 08:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-03-16 03:29 - 2011-03-16 03:29 - 02673000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-490523010-3529280521-2036877387-1001\...\addon.downloadterms.com -> hxxps://addon.downloadterms.com
IE trusted site: HKU\S-1-5-21-490523010-3529280521-2036877387-1001\...\addon.downloadterms.com -> hxxp://addon.downloadterms.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-490523010-3529280521-2036877387-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D3E0E7C4-49D4-4C0B-9DA9-F17BD5E8BB8C}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{D0F9D0B6-50A4-4B9C-BD68-DD57205A6D76}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{36A89647-696F-4B72-8F38-BB690BA04CB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{A432C1F1-CA65-409E-8007-A090F53C8F06}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{7C60CEBE-44AE-442A-B883-EE68F6EFED10}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8B863AA4-1253-4BDA-8042-EDAAF4ED9EA6}] => (Allow) LPort=2869
FirewallRules: [{B1129A83-15F0-43CF-8877-A02D26B432C0}] => (Allow) LPort=1900
FirewallRules: [{44AE4932-A859-4F9F-9742-345C8DD2767E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1DD0D249-EFDF-47B2-AE22-8A0B9E307A38}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{8D87BE97-7EF9-4AF3-A32F-C1495F5C8CC9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{C4DFA506-1ED4-4DEB-A630-8B78F90A4155}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{F6E09516-7E22-40FA-AB41-A5EBD56A1FF2}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{2CAF2C27-3391-4D1D-BCD0-81BE2D882A4B}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{F2BA140B-4909-4A85-8053-16B9330D732C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{49313EB7-CD37-4530-B3A9-9DF3C1208EBB}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{C66C1329-A53A-4ACB-A53B-3F082ADBD5CA}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{836D3478-9C66-4321-93E5-5DEC3BD50509}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{7F875F47-2C1B-43A6-95E9-14EE5C31DBCE}C:\users\christian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\christian\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{30AF5DEF-1AA0-4E9E-8743-7AF036EBA53A}C:\users\christian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\christian\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{086F5CB2-9F51-4613-BC0A-330334116939}C:\users\christian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\christian\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5D5D33FB-0073-4484-B900-7D3211D662BB}C:\users\christian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\christian\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0A10F816-9B5D-43D0-B911-0CE4936ACFF7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2AF1B9BB-B940-4132-BBDA-DE072B7F75A3}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{72BDF97C-4FD1-419E-836C-D3FFEBDABFBC}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{FB99E89D-BA00-4EDE-AC8E-C60D526ED458}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{7D75039A-15F3-4322-935F-15EB9198F6F1}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{2ECC03D9-3135-4C19-B255-9F84A3D5E070}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\FaxApplications.exe
FirewallRules: [{260576F9-6E69-40A3-81C8-B1B0FDBDC1DA}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\DigitalWizards.exe
FirewallRules: [{62E4D703-D964-469A-B114-29C5ED10E4C4}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A173D68F-A0EE-42EC-ABB3-786C3B72C1A1}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\EWSProxy.exe
FirewallRules: [TCP Query User{CD71A2CD-E2AE-4FE9-A304-ABDEE0B426CC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{86357A9E-D555-4B1B-A04A-FFA93836CABB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{76933465-7336-4007-A9E5-04CC7B73091D}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{22D76B1B-BB4C-44F9-A661-329820482E5F}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{6C90D519-2864-41F7-B2E0-F19692569645}C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8E032694-0365-4BF3-9945-8C8BD448BDA9}C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{FBF23222-3532-475D-9213-C93788890BE8}C:\program files (x86)\intuit\quickbooks 2012\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks 2012\qbdbmgrn.exe
FirewallRules: [UDP Query User{19F9B50F-8F1C-4DEE-9E5F-1315BB77450E}C:\program files (x86)\intuit\quickbooks 2012\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks 2012\qbdbmgrn.exe
FirewallRules: [{7BC01A0E-E30A-40A5-BF85-619276CDEE10}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{7503180D-05F9-4371-8ACA-E38FB15ED801}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2E7BE46F-6F32-47C6-8B75-87143BCA1BBA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
Fi

#6 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 7,803 posts

Posted 16 June 2015 - 10:43 PM

Hello TheGerkin

First of all you need to create a Restore point. Give it a name that you will understand. Something like---before running tools.
For information on how to create a Restore point please go here: How to create Restore Point.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.

start

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-490523010-3529280521-2036877387-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-490523010-3529280521-2036877387-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Scan Archives and Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: If nothing is found, it will not produce a log.

Please post:
FRST log
ESet log (if it produced one)
Security Check log

Any further problems?

Rocket Grannie
 

#7 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 7,803 posts

Posted 10 January 2017 - 05:56 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



