ProtectedIO



Pmj12343
2015-08-06, 04:40
I have Spybot 2.4 on Windows 8.1. An adware type virus powered by ProtectedIO has infected my browser. Spybot will not pick up on this. I did a manual search for ProtectedIO and deleted those files all over my computer, in the add-ons and extensions, but it changed nothing. ProtectedIO still takes over as my search engine when I open a new tab and overwrites my Google default homepage if I don't change it every few days. This program does not show up in my control panel even under alternative names I've researched. My browsers (Internet Explorer, Firefox and Google Chrome before I deleted that browser) all say I have no add-ons or extensions at all. This program makes my browser very slow, prevents me from downloading things, does not allow me to type in large textboxes on blog type sites [I'm on someone else's computer now so I can write this], makes videos unplayable if not extremely pixelated, randomly opens adware type sites and obviously fake Windows Security alerts and Flash Player update pages asking for my phone number/payment for antiviruses, etc.

Please help,


Thanks!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Paige (administrator) on WINDOWS-LH3RM1K (05-08-2015 21:31:36)
Running from C:\Users\Paige\Downloads
Loaded Profiles: Paige (Available Profiles: Paige)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SecureSoft) C:\Windows\mlwps.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\IT Viewer\privoxy.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\Paige\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 32-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 64-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [Flvto Youtube Downloader] => "C:\Users\Paige\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.exe" /minimize
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [Dropbox Update] => C:\Users\Paige\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\Users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Paige\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [2015-04-25] (Leader Technologies)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1680917060-3121241294-2322712074-1002] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1680917060-3121241294-2322712074-1002] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.protectedio.com/?u=31d17213b455f60b7a0561a413c927e5&c=p1&src=hp&inst=1438395593
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
SearchScopes: HKLM-x32 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm037^S11849^us&si=downloadzipfree&ptb=482AD62C-39F6-4AD4-A784-759CD985F4CA&ind=2014122020&n=780d1024&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
BHO: DeealEExpreSss -> {203E97AC-9562-4A53-AB67-7E93186F6413} -> C:\Program Files (x86)\DeealEExpreSss\TXUtNNMGfxDe4g.x64.dll No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: DealEExPReses -> {B66B6D60-2BEF-4659-A212-700920CA9EAA} -> C:\Program Files (x86)\DealEExPReses\7T9fH9hNcme5Zo.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: DeealEExpreSss -> {203E97AC-9562-4A53-AB67-7E93186F6413} -> C:\Program Files (x86)\DeealEExpreSss\TXUtNNMGfxDe4g.dll No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: DealEExPReses -> {B66B6D60-2BEF-4659-A212-700920CA9EAA} -> C:\Program Files (x86)\DealEExPReses\7T9fH9hNcme5Zo.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ADCB248E-0C04-4621-9A64-CCFDB7FC90B2}: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Paige\AppData\Roaming\Mozilla\Firefox\Profiles\aiqy4c7q.default
FF NewTab: https://search.protectedio.com/?u=31d17213b455f60b7a0561a413c927e5&c=p1&src=hp&inst=1438395593
FF DefaultSearchEngine.US: Google encrypted
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-03] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Paige\AppData\Roaming\Mozilla\Firefox\Profiles\aiqy4c7q.default\searchplugins\google-encrypted.xml [2015-07-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-06] (CyberLink)
R2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-16] () [File not signed]
R2 Live Malware Protection; C:\windows\mlwps.exe [242688 2015-07-19] (SecureSoft) [File not signed] <==== ATTENTION
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-12] (Electronic Arts)
R2 PrivoxyService; C:\Program Files (x86)\IT Viewer\privoxy.exe [371200 2015-07-22] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915408 2013-10-17] (SoftThinks SAS)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 Broad Fortune; "C:\Program Files (x86)\Broad Fortune\Broad Fortune.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Mammoth Resort; "C:\Program Files (x86)\Mammoth Resort\Mammoth Resort.exe" [X]
S2 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [X]
S2 Mortified Whole; "C:\Program Files (x86)\Mortified Whole\Mortified Whole.exe" [X]
S2 Update DigiHelp; "C:\Program Files (x86)\DigiHelp\updateDigiHelp.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\System32\drivers\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dcdbas; C:\Windows\System32\drivers\dcdbas64.sys [38472 2011-02-02] (Dell Inc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 21:31 - 2015-08-05 21:32 - 00020206 _____ C:\Users\Paige\Downloads\FRST.txt
2015-08-05 21:31 - 2015-08-05 21:31 - 00000000 ____D C:\FRST
2015-08-05 21:30 - 2015-08-05 21:30 - 02169856 _____ (Farbar) C:\Users\Paige\Downloads\FRST64.exe
2015-08-04 21:02 - 2015-08-05 17:31 - 00004998 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for WINDOWS-LH3RM1K-Paige WINDOWS-LH3RM1K
2015-08-04 20:58 - 2015-08-04 20:58 - 00000000 ___RD C:\Users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-08-03 18:38 - 2015-08-03 18:38 - 00000000 ____D C:\Users\Paige\AppData\Local\Macromedia
2015-08-03 18:28 - 2015-08-05 20:36 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-03 18:28 - 2015-08-03 18:28 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-03 18:27 - 2015-08-03 18:28 - 00000000 ____D C:\Users\Paige\AppData\Local\Adobe
2015-08-02 17:41 - 2015-08-02 17:41 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-02 17:41 - 2015-08-02 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-02 17:40 - 2015-08-02 17:41 - 00000000 ____D C:\Program Files\iTunes
2015-08-02 17:40 - 2015-08-02 17:40 - 00000000 ____D C:\Program Files\iPod
2015-08-02 17:40 - 2015-08-02 17:40 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-01 13:25 - 2015-08-01 13:25 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-01 13:25 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-07-31 21:44 - 2015-07-31 21:44 - 00032758 _____ C:\ProgramData\1438397003.bdinstall.bin
2015-07-31 01:01 - 2015-07-25 08:34 - 01084928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-07-30 17:12 - 2015-07-30 17:12 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-28 13:07 - 2015-07-28 12:59 - 00451043 ____R C:\windows\system32\Drivers\etc\hosts.20150728-130740.backup
2015-07-28 12:59 - 2015-07-22 12:21 - 00451923 _____ C:\windows\system32\Drivers\etc\hosts.20150728-125900.backup
2015-07-24 01:22 - 2015-07-30 17:13 - 00003628 _____ C:\windows\System32\Tasks\Audio Security Viewer
2015-07-22 20:39 - 2015-07-22 20:39 - 00000000 ____D C:\Program Files (x86)\IT Viewer
2015-07-22 18:17 - 2015-06-29 17:43 - 00026288 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-07-22 18:17 - 2015-06-29 10:07 - 01145856 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-07-22 18:17 - 2015-06-29 10:07 - 00764928 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-07-22 18:17 - 2015-06-29 10:07 - 00433152 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-07-22 18:17 - 2015-06-29 10:07 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-07-22 18:17 - 2015-06-26 18:21 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-07-22 18:17 - 2015-06-26 18:21 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-22 18:11 - 2015-07-24 01:21 - 00001186 _____ C:\Users\Paige\Desktop\Dropbox.lnk
2015-07-21 23:15 - 2015-07-21 23:15 - 00527423 _____ ( ) C:\Users\Paige\Downloads\Lame_v3.99.3_for_Windows.exe
2015-07-21 23:15 - 2015-07-21 23:15 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2015-07-21 23:12 - 2015-07-21 23:12 - 01200163 _____ C:\Users\Paige\Downloads\7zip.exe
2015-07-21 22:38 - 2015-07-21 22:38 - 05272364 _____ (Recisio ) C:\Users\Paige\Downloads\karafunplayer_1.20.86.exe
2015-07-21 22:32 - 2015-07-21 22:32 - 15456623 _____ (Recisio ) C:\Users\Paige\Downloads\karafunplayer_2.2.6.224 (1).exe
2015-07-21 21:34 - 2015-07-21 21:35 - 15456623 _____ (Recisio ) C:\Users\Paige\Downloads\karafunplayer_2.2.6.224.exe
2015-07-21 21:21 - 2015-07-21 23:55 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Audacity
2015-07-21 21:19 - 2015-07-21 21:21 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-07-21 21:19 - 2015-07-21 21:19 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-07-21 21:19 - 2015-07-21 21:19 - 00001025 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-07-21 21:11 - 2015-07-21 21:11 - 25186399 _____ (Audacity Team ) C:\Users\Paige\Downloads\audacity-win-2.1.1.exe
2015-07-21 17:03 - 2015-05-11 13:17 - 01201664 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-07-21 17:03 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-07-21 17:03 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2015-07-21 17:03 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-07-21 17:03 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2015-07-21 17:03 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\windows\system32\GeofenceMonitorService.dll
2015-07-21 17:03 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\GeofenceMonitorService.dll
2015-07-21 17:03 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-21 17:03 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-21 17:03 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-07-21 17:03 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-07-21 17:03 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-07-21 17:03 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2015-07-21 17:03 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2015-07-21 17:03 - 2014-11-04 14:25 - 00059712 ____C (Microsoft Corporation) C:\windows\system32\Drivers\kbdclass.sys
2015-07-21 17:03 - 2014-11-04 14:25 - 00051008 ____C (Microsoft Corporation) C:\windows\system32\Drivers\mouclass.sys
2015-07-21 17:03 - 2014-11-04 01:55 - 00026112 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sermouse.sys
2015-07-21 17:03 - 2014-11-04 01:54 - 00108544 ____C (Microsoft Corporation) C:\windows\system32\Drivers\i8042prt.sys
2015-07-21 17:03 - 2014-11-04 01:54 - 00032256 ____C (Microsoft Corporation) C:\windows\system32\Drivers\kbdhid.sys
2015-07-21 17:03 - 2014-11-04 01:54 - 00030208 ____C (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys
2015-07-21 17:02 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2015-07-21 17:02 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\windows\system32\fhcpl.dll
2015-07-21 17:02 - 2015-05-01 18:33 - 00410739 _____ C:\windows\system32\ApnDatabase.xml
2015-07-21 17:02 - 2015-04-28 08:13 - 00513480 _____ C:\windows\SysWOW64\locale.nls
2015-07-21 17:02 - 2015-04-28 08:13 - 00513480 _____ C:\windows\system32\locale.nls
2015-07-21 17:02 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-07-21 17:02 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-07-21 16:37 - 2015-07-14 09:14 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-21 16:37 - 2015-07-14 09:14 - 00301056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-21 16:37 - 2015-07-14 09:14 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-21 16:37 - 2015-07-14 09:13 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-20 19:49 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2015-07-20 19:49 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-20 18:36 - 2015-07-20 18:36 - 00000000 ____D C:\Users\Paige\Downloads\2
2015-07-20 18:35 - 2015-07-20 18:36 - 00000000 ____D C:\Users\Paige\Downloads\3last
2015-07-20 18:34 - 2015-07-20 18:34 - 01132925 _____ C:\Users\Paige\Downloads\3last.zip
2015-07-20 18:34 - 2015-07-20 18:34 - 01129736 _____ C:\Users\Paige\Downloads\2.zip
2015-07-19 20:37 - 2015-07-19 20:37 - 00803840 _____ C:\Users\Paige\AppData\Roaming\EA28.tmp.exe
2015-07-19 20:37 - 2015-07-19 20:37 - 00242688 _____ (SecureSoft) C:\windows\mlwps.exe
2015-07-19 20:37 - 2015-07-19 20:37 - 00003346 _____ C:\windows\System32\Tasks\Malware Cleaner
2015-07-19 20:37 - 2015-07-19 20:37 - 00003284 _____ C:\windows\System32\Tasks\Security Software
2015-07-19 20:37 - 2015-07-19 20:37 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Updater
2015-07-19 20:37 - 2015-07-19 20:37 - 00000000 _____ C:\Users\Paige\AppData\Roaming\EA28.tmp
2015-07-19 20:36 - 2015-07-19 20:36 - 00000000 ____D C:\Users\Paige\Downloads\Bret Easton Ellis 7 books epub
2015-07-19 20:35 - 2015-07-19 20:35 - 00093138 _____ C:\Users\Paige\Downloads\Bret Easton Ellis 7 books epub .zip
2015-07-15 10:48 - 2015-06-28 00:07 - 00442712 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-15 10:48 - 2015-06-28 00:07 - 00178008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-15 10:48 - 2015-06-28 00:06 - 01311960 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-15 10:48 - 2015-06-28 00:06 - 00332120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-15 10:48 - 2015-06-27 11:42 - 00747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-15 10:48 - 2015-06-26 22:13 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-15 10:48 - 2015-06-26 22:12 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-15 10:48 - 2015-06-26 22:12 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-15 10:48 - 2015-06-26 21:40 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-07-15 10:48 - 2015-06-26 21:05 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-07-15 10:48 - 2015-06-26 21:00 - 00989184 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-15 10:48 - 2015-06-26 20:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-07-15 10:48 - 2015-06-26 20:26 - 00802816 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-15 10:48 - 2015-06-24 21:31 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-15 10:47 - 2015-07-09 14:51 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-07-15 10:47 - 2015-07-09 13:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-07-15 10:47 - 2015-07-09 11:03 - 03701760 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-07-15 10:47 - 2015-07-09 10:54 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-07-15 10:47 - 2015-07-09 10:53 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-07-15 10:47 - 2015-07-09 10:50 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-07-15 10:47 - 2015-07-09 10:50 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-07-15 10:47 - 2015-07-09 10:48 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-07-15 10:47 - 2015-07-09 10:46 - 02229248 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-07-15 10:47 - 2015-07-09 10:38 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-07-15 10:47 - 2015-07-09 10:37 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-07-15 10:47 - 2015-07-09 10:35 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-07-15 10:47 - 2015-07-09 10:34 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-07-15 10:47 - 2015-06-26 22:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-07-15 10:47 - 2015-06-26 22:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-07-15 10:47 - 2015-06-26 21:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-07-15 10:47 - 2015-05-30 16:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-07-15 10:47 - 2015-05-30 14:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-07-15 10:47 - 2015-05-30 14:35 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-07-15 10:46 - 2015-06-15 17:41 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-15 10:46 - 2015-06-15 17:24 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-15 10:46 - 2015-06-15 16:16 - 00059904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-15 10:46 - 2015-06-15 16:09 - 03607552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-15 10:46 - 2015-06-15 15:50 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-15 10:46 - 2015-06-15 14:57 - 02460160 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-15 10:45 - 2015-06-15 17:39 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-15 10:45 - 2015-06-15 17:38 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-07-15 10:45 - 2015-06-15 17:26 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-07-15 10:45 - 2015-06-15 17:24 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-15 10:45 - 2015-06-15 17:02 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-07-15 10:45 - 2015-06-15 16:58 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-07-15 10:45 - 2015-06-15 16:57 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-15 10:45 - 2015-06-15 16:56 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-07-15 10:45 - 2015-06-15 16:55 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-15 10:45 - 2015-06-15 16:49 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-07-15 10:45 - 2015-06-15 16:41 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-07-15 10:45 - 2015-06-15 16:38 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-15 10:45 - 2015-06-15 16:36 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-15 10:45 - 2015-06-15 16:17 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-07-15 10:45 - 2015-06-15 16:16 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-15 10:45 - 2015-06-15 16:15 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-15 10:45 - 2015-06-15 16:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-07-15 10:45 - 2015-06-15 16:04 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-07-15 10:45 - 2015-06-15 16:03 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-15 10:45 - 2015-06-15 15:52 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-07-15 10:45 - 2015-06-15 15:47 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2015-07-15 10:45 - 2015-06-15 15:44 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-07-15 10:45 - 2015-06-15 15:43 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-15 10:45 - 2015-06-15 15:42 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-07-15 10:45 - 2015-06-15 15:41 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-15 10:45 - 2015-06-15 15:37 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-07-15 10:45 - 2015-06-15 15:32 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-07-15 10:45 - 2015-06-15 15:31 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-15 10:45 - 2015-06-15 15:30 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-07-15 10:45 - 2015-06-15 15:30 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-15 10:45 - 2015-06-15 15:17 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-07-15 10:45 - 2015-06-15 15:07 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-15 10:45 - 2015-06-15 15:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-07-15 10:43 - 2015-06-16 00:36 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-15 10:43 - 2015-06-16 00:36 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-15 10:43 - 2015-06-10 22:49 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-15 10:43 - 2015-06-10 11:13 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-15 10:43 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-07-15 10:42 - 2015-07-01 17:08 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-15 10:42 - 2015-07-01 16:14 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-15 10:41 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-15 10:41 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-15 10:41 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-15 10:41 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-15 10:41 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-15 10:41 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-15 10:41 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-15 10:41 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-10 08:39 - 2015-07-28 18:28 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 21:10 - 2015-06-17 15:59 - 00000950 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1680917060-3121241294-2322712074-1002UA.job
2015-08-05 21:10 - 2014-11-24 10:59 - 01141331 _____ C:\windows\WindowsUpdate.log
2015-08-05 21:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-08-05 20:43 - 2014-12-05 17:07 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1680917060-3121241294-2322712074-1002
2015-08-05 20:38 - 2015-05-10 23:09 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-05 20:38 - 2015-05-10 23:09 - 00001116 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-05 19:47 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-05 16:10 - 2015-06-17 15:59 - 00000898 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1680917060-3121241294-2322712074-1002Core.job
2015-08-05 12:51 - 2014-12-30 18:51 - 02681344 ___SH C:\Users\Paige\Desktop\Thumbs.db
2015-08-05 12:32 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-08-04 21:07 - 2014-12-20 19:00 - 00000000 ____D C:\Users\Paige\AppData\Local\CrashDumps
2015-08-04 21:00 - 2014-11-24 11:00 - 01526656 _____ C:\windows\SysWOW64\rootpa.e2e
2015-08-04 20:59 - 2014-12-20 17:31 - 00000000 ___RD C:\Users\Paige\Dropbox
2015-08-04 20:59 - 2014-12-20 17:27 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Dropbox
2015-08-04 20:59 - 2014-11-24 12:08 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-08-04 20:57 - 2014-12-21 11:51 - 00000000 __RDO C:\Users\Paige\OneDrive
2015-08-04 20:57 - 2014-12-05 17:01 - 00000000 ____D C:\Users\Paige
2015-08-04 20:57 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-04 20:56 - 2014-11-24 12:53 - 00163022 _____ C:\windows\PFRO.log
2015-08-04 20:56 - 2013-08-22 09:46 - 00017329 _____ C:\windows\setupact.log
2015-08-04 20:51 - 2014-12-25 23:57 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Skype
2015-08-03 12:36 - 2015-02-07 17:04 - 00065024 ___SH C:\Users\Paige\Downloads\Thumbs.db
2015-08-02 19:16 - 2014-12-20 19:51 - 00000000 ____D C:\ProgramData\WindSolutions
2015-08-02 17:40 - 2014-12-20 18:07 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-08-02 17:40 - 2014-12-20 18:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-01 13:25 - 2015-02-28 00:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-01 11:52 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-07-31 23:39 - 2013-08-22 08:25 - 00524288 ___SH C:\windows\system32\config\BBI
2015-07-31 23:38 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2015-07-31 23:36 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore
2015-07-31 01:26 - 2015-02-15 18:22 - 00000000 ____D C:\Users\Paige\Desktop\Engs
2015-07-30 17:09 - 2015-07-05 11:59 - 00000020 _____ C:\Users\Paige\AppData\Roaming\appdataFr2.bin
2015-07-28 18:49 - 2014-11-24 10:45 - 00000000 ____D C:\windows\Panther
2015-07-28 13:19 - 2015-04-04 17:37 - 00000000 ___SD C:\windows\system32\GWX
2015-07-23 16:37 - 2014-12-05 17:03 - 00000000 ____D C:\Users\Paige\Documents\Bluetooth Folder
2015-07-22 18:03 - 2014-12-21 20:06 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-22 18:03 - 2014-12-21 20:06 - 00000000 ____D C:\windows\system32\appraiser
2015-07-21 22:26 - 2013-08-22 09:44 - 00499552 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-21 22:21 - 2015-04-04 17:37 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-21 22:21 - 2014-12-21 11:33 - 00000000 ____D C:\windows\system32\MRT
2015-07-21 21:15 - 2014-12-20 19:51 - 00000000 ____D C:\Users\Paige\AppData\Roaming\WindSolutions
2015-07-21 21:10 - 2014-12-20 19:51 - 00001393 _____ C:\Users\Paige\Desktop\CopyTrans Control Center.lnk
2015-07-21 21:10 - 2014-12-20 19:51 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2015-07-19 14:54 - 2014-12-25 23:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-19 14:54 - 2014-12-25 23:56 - 00000000 ____D C:\ProgramData\Skype
2015-07-18 19:24 - 2014-12-21 13:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 16:05 - 2015-06-17 15:59 - 00003896 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1680917060-3121241294-2322712074-1002UA
2015-07-17 16:05 - 2015-06-17 15:59 - 00003516 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1680917060-3121241294-2322712074-1002Core
2015-07-15 14:55 - 2014-12-21 13:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-15 14:50 - 2013-08-22 08:25 - 00000269 _____ C:\windows\win.ini
2015-07-13 16:10 - 2013-08-22 10:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 16:10 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 16:28 - 2014-12-05 17:02 - 00000000 ____D C:\Users\Paige\AppData\Local\Packages

==================== Files in the root of some directories =======

2015-07-05 11:59 - 2015-07-30 17:09 - 0000020 _____ () C:\Users\Paige\AppData\Roaming\appdataFr2.bin
2015-02-02 23:47 - 2015-02-07 15:58 - 0000020 _____ () C:\Users\Paige\AppData\Roaming\appdataFr3.bin
2015-07-19 20:37 - 2015-07-19 20:37 - 0000000 _____ () C:\Users\Paige\AppData\Roaming\EA28.tmp
2015-07-19 20:37 - 2015-07-19 20:37 - 0803840 _____ () C:\Users\Paige\AppData\Roaming\EA28.tmp.exe
2015-02-18 21:56 - 2015-02-18 21:56 - 0000043 _____ () C:\Users\Paige\AppData\Roaming\WB.CFG
2014-12-20 18:53 - 2014-12-20 18:53 - 0000064 _____ () C:\Users\Paige\AppData\Local\ec8f4072e20c2c8b6706d1c6e5294e3d
2015-02-26 22:31 - 2015-02-26 22:31 - 0336332 _____ () C:\ProgramData\1425007655.bdinstall.bin
2015-02-26 22:31 - 2015-02-26 22:31 - 0049287 _____ () C:\ProgramData\1425007854.bdinstall.bin
2015-07-31 21:44 - 2015-07-31 21:44 - 0032758 _____ () C:\ProgramData\1438397003.bdinstall.bin
2014-11-24 12:56 - 2014-11-24 12:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-24 12:07 - 2014-11-24 12:08 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-11-24 11:58 - 2014-11-24 11:59 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-11-24 12:00 - 2014-11-24 12:03 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-11-24 12:03 - 2014-11-24 12:07 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-11-24 11:57 - 2014-11-24 11:58 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Paige\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf7dlr2.dll
C:\Users\Paige\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzt8eqk.dll


Some zero byte size files/folders:
==========================
C:\Windows\System32\BDSandBoxUISkin32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-28 17:56

==================== End of log ============================

Juliet
2015-08-06, 16:05
A couple of items need to be removed from your programs list.

Daily Stats for Google Analytics (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version: - "") <==== ATTENTION
PathSystem (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}) (Version: - SoftwareUpgrader) <==== ATTENTION

~~~
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Running from C:\Users\Paige\Downloads

It's best we move Farbar's tool to the desktop.

Please go to your Downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT.
Go to an open spot on your desktop, right click and select PASTE.
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the quote box below. *Do not use Wordpad* or any text editor other than Notepad, or the script will fail.
To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite the existing one, please allow it.)



start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 32-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 64-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1680917060-3121241294-2322712074-1002] => 127.0.0.1:8118
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.protectedio.com/?u=31...nst=1438395593
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
SearchScopes: HKLM-x32 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm037^S11849^us&si=downloadzipfree&ptb=482AD62C-39F6-4AD4-A784-759CD985F4CA&ind=2014122020&n=780d1024&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
BHO: DeealEExpreSss -> {203E97AC-9562-4A53-AB67-7E93186F6413} -> C:\Program Files (x86)\DeealEExpreSss\TXUtNNMGfxDe4g.x64.dll No File
BHO: DealEExPReses -> {B66B6D60-2BEF-4659-A212-700920CA9EAA} -> C:\Program Files (x86)\DealEExPReses\7T9fH9hNcme5Zo.x64.dll No File
BHO-x32: DeealEExpreSss -> {203E97AC-9562-4A53-AB67-7E93186F6413} -> C:\Program Files (x86)\DeealEExpreSss\TXUtNNMGfxDe4g.dll No File
BHO-x32: DealEExPReses -> {B66B6D60-2BEF-4659-A212-700920CA9EAA} -> C:\Program Files (x86)\DealEExPReses\7T9fH9hNcme5Zo.dll No File
Toolbar: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
FF NewTab: https://search.protectedio.com/?u=31...nst=1438395593
C:\Users\Paige\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf7dlr2.dll
C:\Users\Paige\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzt8eqk.dll
Task: {3DBF1BEA-DD07-4415-ABA2-5D189970EBAA} - System32\Tasks\Malware Cleaner => C:\Users\Paige\AppData\Roaming\EA28.tmp.exe [2015-07-19] () <==== ATTENTION
Task: {53F77FC3-23AA-485E-9701-2FAA4CCB9D52} - System32\Tasks\Binkiland => C:\Users\Paige\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {5E0DC27A-C611-4756-AE62-2A2F32B86333} - System32\Tasks\Security Software => C:\Users\Paige\AppData\Roaming\Updater\winupd.exe [2015-07-19] () <==== ATTENTION
Task: {792D0DC1-4A2B-4CEF-9103-51256C3B9343} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


****
Please post:
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

Juliet
2015-08-08, 12:51
Still need help?

Juliet
2015-08-11, 12:28
Due to the lack of feedback, this topic is closed.