
Thread: AdCash, YourAdExchange, etc. on my Computer

  1. #1
    Junior Member
    Join Date
    Dec 2014
    Posts
    18

    AdCash, YourAdExchange, etc. on my Computer

    I am not even sure how this happened, because generally I keep my computers secure. But when I use my browser, a script prevents the originally visited page script from completing until I click on the page. When I click on the page, a pop-up opens in a new tab with either adcash, youradexchange, or openadserving as the destination domain. I noticed a previous thread answered by OCD regarding this same topic. I think I may be victim number 2. Can anyone help?

    I've tried every antivirus or malware/adware removal tool I can think of to fix this, and they never find anything considered PUP/malware or adware. I definitely need help fixing this.

    Thank You!

    Here are the preliminary logs for analysis:

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
    Ran by Welch (administrator) on WELCH3-PC on 15-12-2014 08:56:38
    Running from C:\Users\Welch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZPYQZOR
    Loaded Profiles: Welch & DefaultAppPool (Available profiles: Welch & DefaultAppPool)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
    (Bluebeam Software, Inc.) C:\Program Files\Bluebeam Software\Bluebeam Vu\Vu\Vu.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-3724710116-182459274-2640236870-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
    HKU\S-1-5-21-3724710116-182459274-2640236870-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-3724710116-182459274-2640236870-1000\...\Run: [Grid] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe [401408 2013-11-01] ()
    HKU\S-1-5-21-3724710116-182459274-2640236870-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
    HKU\S-1-5-21-3724710116-182459274-2640236870-1000\...\RunOnce: [Adobe Speed Launcher] => 1418462502
    HKU\S-1-5-21-3724710116-182459274-2640236870-1000\...\MountPoints2: {aec44cfb-d69e-11e3-9e1d-806e6f6e6963} - D:\DVDSetup.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-3724710116-182459274-2640236870-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3724710116-182459274-2640236870-1000] => localhost:21320
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3724710116-182459274-2640236870-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=cmi&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0ByCyDtDtDtBtC0FzyzztDtN0D0Tzu0StCtDtCtDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzztC0C0FtByB0FtG0E0BtB0CtGyE0EtCtBtGyD0DtC0FtGyCyBtBtCyE0DzyyEzytD0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCyB0BtCzyyBtAtGyD0E0E0BtGyEtD0D0CtGzytBtAtAtGyEtBzyyE0DyD0F0D0EyByByD2Q&cr=802272550&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=cmi&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0ByCyDtDtDtBtC0FzyzztDtN0D0Tzu0StCtDtCtDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzztC0C0FtByB0FtG0E0BtB0CtGyE0EtCtBtGyD0DtC0FtGyCyBtBtCyE0DzyyEzytD0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCyB0BtCzyyBtAtGyD0E0E0BtGyEtD0D0CtGzytBtAtAtGyEtBzyyE0DyD0F0D0EyByByD2Q&cr=802272550&ir=
    SearchScopes: HKU\S-1-5-21-3724710116-182459274-2640236870-1000 -> {5E9786F2-D3B8-4570-942A-046C66788F73} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3724710116-182459274-2640236870-1000 -> {9881F2A7-4D2F-4A92-A013-DDB5561F76B8} URL = https://www.google.com/search?q={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{65B50A6D-40BE-4DE7-B269-E291ED5CEE13}: [NameServer] 5.135.12.56,199.203.35.78

    FireFox:
    ========
    FF ProfilePath: C:\Users\Welch\AppData\Roaming\Mozilla\Firefox\Profiles\zun6qucu.default-1413382348369
    FF DefaultSearchEngine: Bing
    FF SelectedSearchEngine: Bing
    FF Homepage: hxxp://www.foxnews.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3724710116-182459274-2640236870-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Welch\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2011-10-19] (CrypKey (Canada) Ltd.) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
    R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-18] ()
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-15 08:55 - 2014-12-15 08:56 - 00000000 ____D () C:\FRST
    2014-12-15 08:49 - 2014-12-15 08:49 - 00002235 _____ () C:\Users\Welch\Desktop\Tweaking.com - Registry Backup.lnk
    2014-12-15 08:49 - 2014-12-15 08:49 - 00000000 ____D () C:\Users\Welch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-12-15 08:49 - 2014-12-15 08:49 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-12-12 09:26 - 2014-12-12 09:26 - 00001402 _____ () C:\Windows\PFRO.log
    2014-12-11 17:03 - 2014-12-13 03:21 - 00001296 _____ () C:\Windows\error.log
    2014-12-11 17:03 - 2014-12-13 03:20 - 00000648 _____ () C:\Windows\errord.log
    2014-12-11 17:03 - 2014-12-13 03:20 - 00000224 _____ () C:\Windows\setupact.log
    2014-12-11 17:03 - 2014-12-11 17:03 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-11 16:53 - 2014-12-12 11:07 - 00000000 ____D () C:\Users\Welch\Documents\ProcAlyzer Dumps
    2014-12-11 16:42 - 2014-11-25 08:46 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141211-164200.backup
    2014-12-11 16:26 - 2014-12-11 17:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-12-11 16:26 - 2014-12-11 16:26 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-12-11 16:26 - 2014-12-11 16:26 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-12-11 16:26 - 2014-12-11 16:26 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
    2014-12-11 16:26 - 2014-12-11 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-12-11 16:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2014-12-11 16:25 - 2014-12-12 09:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-12-09 15:52 - 2014-12-09 15:52 - 00000000 ____D () C:\Windows\system32\appraiser
    2014-12-09 15:47 - 2014-12-09 15:48 - 00000000 ____D () C:\Users\Welch\Documents\CCleaner Backup
    2014-12-09 15:46 - 2014-12-09 15:46 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-12-09 15:46 - 2014-12-09 15:46 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-12-09 15:46 - 2014-12-09 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-12-09 15:46 - 2014-12-09 15:46 - 00000000 ____D () C:\Program Files\CCleaner
    2014-12-09 15:35 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-09 15:35 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-12-09 15:33 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-12-09 15:33 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-12-09 15:33 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-09 15:33 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-09 15:33 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-12-09 15:33 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-09 15:33 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-12-09 15:33 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-09 15:33 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-12-09 15:33 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-12-09 15:33 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-09 15:33 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-12-09 15:33 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-09 15:33 - 2014-11-21 20:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-09 15:33 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-12-09 15:33 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-09 15:33 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-12-09 15:33 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-12-09 15:33 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-09 15:33 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-09 15:33 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-09 15:33 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-12-09 15:33 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-12-09 15:33 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-09 15:33 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-09 15:33 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-12-09 15:33 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-12-09 15:33 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-09 15:33 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-12-09 15:33 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-09 15:33 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-09 15:33 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-12-09 15:33 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-09 15:33 - 2014-11-21 19:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-09 15:33 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-12-09 15:33 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-09 15:33 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-12-09 15:33 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-12-09 15:33 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-09 15:33 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-09 15:33 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-09 15:33 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-09 15:33 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-12-09 15:33 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-09 15:33 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-09 15:33 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-09 15:33 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-09 15:33 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-09 15:33 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-09 15:33 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-12-09 15:33 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-09 15:33 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-09 15:33 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-12-09 15:33 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-09 15:33 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-09 15:33 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-12-09 14:38 - 2014-12-09 14:38 - 00000000 ____D () C:\Users\Welch\AppData\Roaming\ParetoLogic
    2014-12-09 14:38 - 2014-12-09 14:38 - 00000000 ____D () C:\Users\Welch\AppData\Roaming\DriverCure
    2014-12-09 14:37 - 2014-12-09 14:51 - 00000000 ____D () C:\ProgramData\ParetoLogic
    2014-12-09 14:21 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2014-12-09 14:21 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2014-12-09 14:21 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-12-09 14:21 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2014-12-09 14:21 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-12-09 14:21 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2014-12-09 14:21 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-12-09 14:21 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2014-12-09 13:58 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-09 13:57 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-09 13:57 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-09 13:52 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-09 13:52 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2014-12-09 13:52 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-09 13:52 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-09 13:52 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-09 13:52 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-09 13:52 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-09 13:52 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-12-09 13:52 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-09 13:52 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-12-09 13:52 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2014-12-09 13:52 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-09 13:51 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-09 13:51 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\Users\Welch\Desktop\Bids Checked
    2014-12-04 15:41 - 2014-12-04 15:41 - 00000000 ____D () C:\Users\Welch\Downloads\Stripes 1061 - Baytown TX (Downloaded 2014-08-07 11-57-15 ET)
    2014-11-26 09:22 - 2014-12-10 09:05 - 00000000 ___RD () C:\Users\Welch\Dropbox
    2014-11-26 09:22 - 2014-11-26 09:22 - 00001040 _____ () C:\Users\Welch\Desktop\Dropbox.lnk
    2014-11-26 09:13 - 2014-11-26 09:13 - 00000000 ____D () C:\Users\Welch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-11-26 08:55 - 2014-12-09 11:45 - 00000000 ____D () C:\Users\Welch\AppData\Roaming\Dropbox
    2014-11-25 10:57 - 2014-12-11 17:06 - 00000000 ____D () C:\Program Files (x86)\On-Screen Takeoff 3
    2014-11-25 09:08 - 2014-12-03 11:29 - 00000000 ____D () C:\Windows\Minidump
    2014-11-24 09:38 - 2014-11-24 09:42 - 20791640 _____ () C:\Users\Welch\Downloads\Red River Hospital - New Facility (Downloaded 2014-11-24 10-37-50 ET).zip
    2014-11-20 13:57 - 2012-05-31 23:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
    2014-11-20 13:57 - 2012-05-31 23:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
    2014-11-20 13:57 - 2012-05-31 23:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
    2014-11-20 13:57 - 2012-05-31 23:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
    2014-11-20 13:57 - 2012-05-31 23:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
    2014-11-20 13:57 - 2012-05-31 23:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
    2014-11-20 13:57 - 2012-05-31 22:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
    2014-11-20 13:57 - 2012-05-31 22:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
    2014-11-20 13:57 - 2012-05-31 22:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
    2014-11-20 13:57 - 2012-05-31 22:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
    2014-11-20 13:57 - 2012-05-31 22:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
    2014-11-20 13:57 - 2012-05-31 22:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
    2014-11-20 09:15 - 2014-12-03 09:33 - 00000000 ____D () C:\Users\DefaultAppPool
    2014-11-20 09:15 - 2014-11-20 09:15 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
    2014-11-20 09:15 - 2014-05-08 10:46 - 00002100 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-11-20 09:15 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-11-20 09:15 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-11-20 09:00 - 2014-11-20 09:00 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
    2014-11-20 08:59 - 2014-11-20 08:59 - 00000000 ____D () C:\Windows\system32\BestPractices
    2014-11-20 08:59 - 2014-11-20 08:59 - 00000000 ____D () C:\inetpub
    2014-11-19 03:15 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-19 03:15 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-19 03:15 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-19 03:15 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2014-11-17 15:57 - 2014-11-17 16:05 - 29772514 _____ () C:\Users\Welch\Downloads\CVS 10405.zip

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-15 08:55 - 2009-07-13 22:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-15 08:55 - 2009-07-13 22:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-15 08:40 - 2014-05-07 14:05 - 01196681 _____ () C:\Windows\WindowsUpdate.log
    2014-12-15 08:32 - 2014-05-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-15 08:20 - 2014-05-15 14:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-15 08:09 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2014-12-15 08:00 - 2014-06-02 08:52 - 00000000 ____D () C:\Users\Welch\Desktop\Bid lists
    2014-12-15 07:08 - 2014-06-10 10:54 - 00000679 _____ () C:\Windows\BRRBCOM.INI
    2014-12-15 00:20 - 2014-05-15 14:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-14 03:01 - 2014-06-09 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-14 03:00 - 2014-06-09 10:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-14 03:00 - 2014-06-09 10:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-12-13 03:27 - 2009-07-13 23:13 - 00904712 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-13 03:21 - 2009-07-13 20:34 - 00000423 _____ () C:\Windows\win.ini
    2014-12-13 03:20 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-12 17:46 - 2014-05-14 08:08 - 00029665 _____ () C:\Users\Welch\Desktop\Vendor List.xlsx
    2014-12-12 09:26 - 2014-06-19 10:50 - 00000000 ____D () C:\ProgramData\McAfee
    2014-12-12 09:11 - 2014-10-17 09:55 - 00000000 ____D () C:\Users\Welch\Documents\McAfee Vaults
    2014-12-11 15:57 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-09 20:32 - 2014-05-08 08:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-09 20:32 - 2014-05-08 08:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-09 20:32 - 2014-05-08 08:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-09 18:55 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-09 15:52 - 2014-05-07 15:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-12-09 15:52 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-12-09 15:52 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-12-09 15:50 - 2014-05-08 05:50 - 00000000 ____D () C:\Windows\Panther
    2014-12-09 15:38 - 2014-05-07 14:54 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-09 15:35 - 2014-05-07 14:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-09 11:47 - 2014-05-08 08:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-09 10:25 - 2014-05-13 10:30 - 00000000 ____D () C:\Users\Welch\Desktop\Justin's Estimates
    2014-12-08 14:49 - 2014-05-13 10:30 - 00334336 _____ () C:\Users\Welch\Desktop\BLANK_WORKSHEET.xls
    2014-12-05 12:44 - 2014-06-10 09:34 - 00000000 ____D () C:\Users\Welch\Desktop\Bids Emailed Out
    2014-12-05 05:04 - 2014-10-07 09:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-12-05 05:04 - 2014-05-08 08:03 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-12-03 11:29 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Msdtc
    2014-12-03 09:31 - 2014-05-07 14:05 - 00000000 __SHD () C:\Recovery
    2014-12-03 09:31 - 2014-05-07 14:05 - 00000000 ____D () C:\Users\Welch
    2014-12-03 09:31 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Recovery
    2014-12-03 09:30 - 2011-04-12 02:28 - 00000000 ____D () C:\Windows\CSC
    2014-12-02 07:56 - 2014-05-07 14:10 - 00900874 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-11-25 10:58 - 2014-06-10 10:48 - 00000000 ____D () C:\ProgramData\FLEXnet
    2014-11-25 10:55 - 2014-05-13 11:44 - 00000000 ____D () C:\Users\Welch\AppData\Local\Downloaded Installations
    2014-11-21 03:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
    2014-11-21 03:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\inetsrv
    2014-11-20 12:31 - 2014-09-18 19:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-20 12:29 - 2014-05-15 14:56 - 00000000 ____D () C:\Users\Welch\AppData\Local\Google
    2014-11-19 17:08 - 2009-07-13 20:34 - 00017463 _____ () C:\Windows\system32\Drivers\etc\services
    2014-11-19 16:18 - 2014-05-08 10:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-11-15 00:15 - 2014-05-15 14:56 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-15 00:15 - 2014-05-15 14:56 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-15 00:22

    ==================== End Of Log ============================

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
    Ran by Welch at 2014-12-15 08:57:12
    Running from C:\Users\Welch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZPYQZOR
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
    AccXES (HKLM-x32\...\AccXES) (Version: 15.0.4.6 - Xerox Corporation)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{76E8353E-9CE9-ED86-8631-7FBE17A17C31}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Bluebeam Vu 12 x64 (HKLM-x32\...\InstallShield_{E8E5EDE8-E5E7-4CC8-9B1C-49A6BF479063}) (Version: 12.1.0 - Bluebeam Software)
    Bluebeam Vu 12 x64 (Version: 12.1.0 - Bluebeam Software) Hidden
    Brother MFL-Pro Suite MFC-9340CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Dropbox (HKU\S-1-5-21-3724710116-182459274-2640236870-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Officejet 100 Mobile L411 (HKLM\...\{2F05CC40-BD08-42B3-AC6E-6E740B344729}) (Version: 14.0 - HP)
    HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    L411 (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    L411_Help (x32 Version: 1.000.000.000 - Hewlett-Packard) Hidden
    L411_Software_Min (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft OLE DB Provider for Visual FoxPro (HKLM-x32\...\{200212F5-36B0-403A-950F-80B989132A10}) (Version: 8.00.0000.3117 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3724710116-182459274-2640236870-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
    Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
    Scansoft PDF Professional (x32 Version: - ) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
    Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Welch\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Welch\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Welch\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Welch\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Welch\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Welch\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3724710116-182459274-2640236870-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    09-12-2014 21:33:27 Windows Update
    11-12-2014 23:05:03 Removed On-Screen Takeoff.
    12-12-2014 15:04:42 System Repair (Spybot - Search & Destroy+AV 2.4, administrator p
    13-12-2014 09:00:12 Windows Update
    14-12-2014 09:00:11 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2014-12-11 16:42 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02AF0367-9145-4FC1-AFE4-E0750387DC78} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {126C8109-06FA-44CB-96C9-A4F85967A1A9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {12D234DA-B8A2-484E-AD08-3401EBBEB0D0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {261EEE8F-71DC-477C-9E35-21BE3FD3B39C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.)
    Task: {3F04F183-D3AE-476F-814A-0BD7B97A47D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
    Task: {3F30AB1F-15DC-46A4-BD6B-4F2B5CB929AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.)
    Task: {3FBCB880-5541-41DC-BDE3-B8981FB499AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {5AE28D8A-CC78-4BF8-9CEF-AF98938FC555} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
    Task: {7A3B4E37-9B06-4E48-9E26-C268A992D669} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {A01AC9C5-A1F2-48A7-8635-380B899A0E61} - System32\Tasks\{DC85850A-738D-42CA-B275-5EE6E9D07E24} => pcalua.exe -a "C:\Users\Welch\Documents\Xerox_Wide_Format_with_FreeFlow_Accxes_Print_Drivers_15_0_5_SIGNED\Xerox Wide Format with FreeFlow Accxes Print Drivers 15.0.5 SIGNED\XFAInstaller.exe" -d "C:\Users\Welch\Documents\Xerox_Wide_Format_with_FreeFlow_Accxes_Print_Drivers_15_0_5_SIGNED\Xerox Wide Format with FreeFlow Accxes Print Drivers 15.0.5 SIGNED"
    Task: {B83C51D1-8F9D-4865-8FC1-9A31E4E4AF85} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {E6B73C81-CB9B-49BC-BB66-49CBA26E9EB3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {E7F6CCAF-9DFE-4585-AE2C-DB436EB014A9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {F31B46B6-BBB5-4613-9821-E340252A6E52} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-11-01 10:46 - 2013-11-01 10:46 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2013-07-26 04:59 - 2013-07-26 04:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    2013-07-26 04:59 - 2013-07-26 04:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
    2013-11-01 10:46 - 2013-11-01 10:46 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-05-08 10:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-06-10 10:54 - 2005-04-21 22:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
    2014-08-28 02:46 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-11-01 10:35 - 2013-11-01 10:35 - 00401408 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
    2013-11-01 10:46 - 2013-11-01 10:46 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2014-11-11 17:38 - 2014-11-11 17:38 - 25573376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Bluebeam.Revu\49afc5151b9680730b4a1479b6016075\Bluebeam.Revu.ni.dll
    2014-05-08 15:44 - 2014-05-08 15:44 - 00371712 _____ () C:\Windows\system32\Bluebeam JPX Library.dll
    2014-12-11 16:26 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-12-11 16:26 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-12-11 16:26 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-12-11 16:26 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-12-11 16:26 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-06-10 10:53 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2014-06-19 10:56 - 2014-11-18 04:58 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2014-06-19 10:56 - 2014-11-18 04:58 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2014-08-28 02:36 - 2014-10-14 10:29 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3724710116-182459274-2640236870-500 - Administrator - Disabled)
    Guest (S-1-5-21-3724710116-182459274-2640236870-501 - Limited - Enabled)
    Welch (S-1-5-21-3724710116-182459274-2640236870-1000 - Administrator - Enabled) => C:\Users\Welch

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/14/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (12/13/2014 03:20:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/12/2014 01:48:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SDWelcome.exe version 2.4.40.130 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: aa8

    Start Time: 01d01620323db3d7

    Termination Time: 0

    Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe

    Report Id: c88167f6-8237-11e4-aa73-448a5b650021

    Error: (12/12/2014 09:27:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/12/2014 08:08:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/11/2014 05:12:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/11/2014 05:04:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/11/2014 04:51:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SDFiles.exe version 2.4.40.135 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: fe8

    Start Time: 01d01593ce1d8a49

    Termination Time: 16

    Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe

    Report Id: 95d51290-8187-11e4-b1cf-448a5b650021

    Error: (12/11/2014 03:56:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1c50

    Start Time: 01d0158b5a628fa9

    Termination Time: 20

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id:

    Error: (12/11/2014 03:29:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 18e4

    Start Time: 01d0157ef1cdf47b

    Termination Time: 22

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id:


    System errors:
    =============
    Error: (12/13/2014 03:17:59 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {548E275F-0290-40E7-B454-738B0C61DE60}

    Error: (12/13/2014 03:17:01 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

    Error: (12/12/2014 09:12:41 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {209500FC-6B45-4693-8871-6296C4843751}

    Error: (12/12/2014 08:06:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (12/12/2014 03:01:56 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Error: (12/11/2014 05:20:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (12/11/2014 05:20:50 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

    Error: (12/11/2014 05:20:50 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

    Error: (12/11/2014 05:15:08 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084McNaiAnn{C90134D2-4AE9-407A-919A-4A2EF09C6C51}

    Error: (12/11/2014 05:15:08 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}


    Microsoft Office Sessions:
    =========================
    Error: (12/14/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    Error: (12/13/2014 03:20:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/12/2014 01:48:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SDWelcome.exe2.4.40.130aa801d01620323db3d70C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exec88167f6-8237-11e4-aa73-448a5b650021

    Error: (12/12/2014 09:27:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/12/2014 08:08:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/11/2014 05:12:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/11/2014 05:04:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/11/2014 04:51:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SDFiles.exe2.4.40.135fe801d01593ce1d8a4916C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe95d51290-8187-11e4-b1cf-448a5b650021

    Error: (12/11/2014 03:56:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: IEXPLORE.EXE11.0.9600.174961c5001d0158b5a628fa920C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Error: (12/11/2014 03:29:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: IEXPLORE.EXE11.0.9600.1749618e401d0157ef1cdf47b22C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE


    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-15 08:32:52.688
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-15 08:24:49.249
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-15 08:11:54.973
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-15 07:55:30.692
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-15 07:27:29.970
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-15 07:04:42.331
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD A8-6600K APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 45%
    Total physical RAM: 7365.45 MB
    Available physical RAM: 4000.96 MB
    Total Pagefile: 14729.09 MB
    Available Pagefile: 10828.93 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.41 GB) (Free:874.4 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3C43E0D3)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    Thank you for your assistance.

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2014-12-15 09:17:16
    -----------------------------
    09:17:16.534 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:17:16.534 Number of processors: 4 586 0x1301
    09:17:16.534 ComputerName: WELCH3-PC UserName: Welch
    09:17:17.494 Initialize success
    09:17:17.494 VM: initialized successfully
    09:17:17.494 VM: Amd CPU supported
    09:36:12.395 AVAST engine defs: 14121500
    09:37:23.535 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
    09:37:23.535 Disk 0 Vendor: TOSHIBA_ MS2O Size: 953869MB BusType: 11
    09:37:23.625 Disk 0 MBR read successfully
    09:37:23.625 Disk 0 MBR scan
    09:37:23.625 Disk 0 Windows 7 default MBR code
    09:37:23.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    09:37:23.635 Disk 0 default boot code
    09:37:23.645 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    09:37:23.675 Disk 0 scanning C:\Windows\system32\drivers
    09:37:29.645 Service scanning
    09:37:36.585 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
    09:37:37.495 Service NTIOLib_1_0_C D:\NTIOLib_X64.sys **LOCKED** 21
    09:37:44.785 Modules scanning
    09:37:44.785 Disk 0 trace - called modules:
    09:37:44.815 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    09:37:44.825 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d79060]
    09:37:44.825 3 CLASSPNP.SYS[fffff880018d243f] -> nt!IofCallDriver -> [0xfffffa8007954ac0]
    09:37:44.825 5 amd_xata.sys[fffff88000c8dd00] -> nt!IofCallDriver -> \Device\00000065[0xfffffa8007710060]
    09:37:45.655 AVAST engine scan C:\Windows
    09:37:47.315 AVAST engine scan C:\Windows\system32
    09:40:06.875 AVAST engine scan C:\Windows\system32\drivers
    09:40:14.605 AVAST engine scan C:\Users\Welch
    09:44:20.006 AVAST engine scan C:\ProgramData
    09:44:35.756 Disk 0 statistics 4266446/0/0 @ 6.12 MB/s
    09:44:35.756 Scan finished successfully
    09:46:01.526 Disk 0 MBR has been saved successfully to "C:\Users\Welch\Desktop\MBR.dat"
    09:46:01.526 The log file has been saved successfully to "C:\Users\Welch\Desktop\aswMBR.txt"
    Last edited by tashi; 2014-12-15 at 21:15. Reason: Merged two posts as per FAQ ;-)
    Thank you very much!


    chessdude

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Do you connect to the internet by the below Proxy settings?
    ProxyEnable: [S-1-5-21-3724710116-182459274-2640236870-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3724710116-182459274-2640236870-1000] => localhost:21320

    ~~~~~~~~~~~

    Running from C:\Users\Welch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZPYQZOR

    We can't use FRST running from this directory. We'll have to download it again and have it saved to desktop.

    - Save ALL Tools to your Desktop-

    All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

    ~~~~~~~~~~~~~~

    Farbar Recovery Scan Tool (FRST) Scan

    NEXT

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

    start
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=cmi&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0ByCyDtDtDtBtC0FzyzztDtN0D0Tzu0StCtDtCtDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzztC0C0FtByB0FtG0E0BtB0CtGyE0EtCtBtGyD0DtC0FtGyCyBtBtCyE0DzyyEzytD0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCyB0BtCzyyBtAtGyD0E0E0BtGyEtD0D0CtGzytBtAtAtGyEtBzyyE0DyD0F0D0EyByByD2Q&cr=802272550&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=cmi&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0ByCyDtDtDtBtC0FzyzztDtN0D0Tzu0StCtDtCtDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzztC0C0FtByB0FtG0E0BtB0CtGyE0EtCtBtGyD0DtC0FtGyCyBtBtCyE0DzyyEzytD0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCyB0BtCzyyBtAtGyD0E0E0BtGyEtD0D0CtGzytBtAtAtGyEtBzyyE0DyD0F0D0EyByByD2Q&cr=802272550&ir=
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    Task: {02AF0367-9145-4FC1-AFE4-E0750387DC78} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {7A3B4E37-9B06-4E48-9E26-C268A992D669} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {B83C51D1-8F9D-4865-8FC1-9A31E4E4AF85} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
    Task: {F31B46B6-BBB5-4613-9821-E340252A6E52} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please post:
    Fixlog.txt
    C:\AdwCleaner.txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Also, do this next:

    Instructions on how to back up your Favourites/Bookmarks and other data can be found below.

    Proceed with the reset once done.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #4
    Junior Member
    Join Date
    Dec 2014
    Posts
    18


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
    Ran by Welch at 2014-12-16 08:37:56 Run:6
    Running from C:\Users\Welch\Desktop
    Loaded Profile: Welch (Available profiles: Welch)
    Boot Mode: Safe Mode (minimal)
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=cmi&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0ByCyDtDtDtBtC0FzyzztDtN0D0Tzu0StCtDtCtDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzztC0C0FtByB0FtG0E0BtB0CtGyE0EtCtBtGyD0DtC0FtGyCyBtBtCyE0DzyyEzytD0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCyB0BtCzyyBtAtGyD0E0E0BtGyEtD0D0CtGzytBtAtAtGyEtBzyyE0DyD0F0D0EyByByD2Q&cr=802272550&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=cmi&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0ByCyDtDtDtBtC0FzyzztDtN0D0Tzu0StCtDtCtDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzztC0C0FtByB0FtG0E0BtB0CtGyE0EtCtBtGyD0DtC0FtGyCyBtBtCyE0DzyyEzytD0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCyB0BtCzyyBtAtGyD0E0E0BtGyEtD0D0CtGzytBtAtAtGyEtBzyyE0DyD0F0D0EyByByD2Q&cr=802272550&ir=
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    Task: {02AF0367-9145-4FC1-AFE4-E0750387DC78} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {7A3B4E37-9B06-4E48-9E26-C268A992D669} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {B83C51D1-8F9D-4865-8FC1-9A31E4E4AF85} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
    Task: {F31B46B6-BBB5-4613-9821-E340252A6E52} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    EmptyTemp:
    Hosts:
    End
    *****************

    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02AF0367-9145-4FC1-AFE4-E0750387DC78}" => Key not found.
    C:\Windows\System32\Tasks\LaunchSignup not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A3B4E37-9B06-4E48-9E26-C268A992D669}" => Key not found.
    C:\Windows\System32\Tasks\APSnotifierPP3 not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B83C51D1-8F9D-4865-8FC1-9A31E4E4AF85}" => Key not found.
    C:\Windows\System32\Tasks\APSnotifierPP1 not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key not found.
    "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F31B46B6-BBB5-4613-9821-E340252A6E52}" => Key not found.
    C:\Windows\System32\Tasks\APSnotifierPP2 not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key not found.
    C:\Windows\Tasks\APSnotifierPP1.job not found.
    C:\Windows\Tasks\APSnotifierPP2.job not found.
    C:\Windows\Tasks\APSnotifierPP3.job not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 476.4 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====
    Thank you very much!


    chessdude
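Added example (not part of the original thread and not FRST's own code): a small Python triage of Fixlog result lines like those in post #4, separating entries the fix actually changed from entries that were already absent when it ran. The line patterns are inferred from the log shown above, the function names are hypothetical, and the sample is a constructed excerpt of that log.

```python
import re
from collections import defaultdict

# Constructed sample: result lines excerpted from the Fixlog posted above.
SAMPLE_FIXLOG = r'''Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A3B4E37-9B06-4E48-9E26-C268A992D669}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key not found.
"C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" => File/Directory not found.
C:\Windows\Tasks\APSnotifierPP3.job not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 476.4 MB temporary data.
'''

# Assumed line shapes, taken from the log above:
#   <target> => <result>        (registry keys, quoted paths, directives)
#   <target> not found.         (bare file paths)
ARROW = re.compile(r'^(?P<target>.+?)\s*=>\s*(?P<result>.+)$')
BARE_NOT_FOUND = re.compile(r'^(?P<target>.+?)\s+not found\.$')


def classify_line(line):
    """Return (target, outcome, result) for one result line, or None if blank.

    outcome is 'absent'  - the item was not there when the fix ran,
               'changed' - the fix reports it did something,
               'unknown' - the line matches neither pattern.
    """
    line = line.strip()
    if not line:
        return None
    m = ARROW.match(line)
    if m:
        target, result = m.group('target').strip('"'), m.group('result')
    else:
        m = BARE_NOT_FOUND.match(line)
        if m:
            target, result = m.group('target').strip('"'), 'not found.'
        else:
            target, result = None, line  # status line without a target
    low = result.lower()
    if 'not found' in low:
        outcome = 'absent'
    elif 'successfully' in low or low.startswith('removed'):
        outcome = 'changed'
    else:
        outcome = 'unknown'
    return target, outcome, result


def summarize(fixlog_text):
    """Group result lines by outcome: {outcome: [target or status line, ...]}."""
    groups = defaultdict(list)
    for raw in fixlog_text.splitlines():
        parsed = classify_line(raw)
        if parsed is None:
            continue
        target, outcome, result = parsed
        groups[outcome].append(target if target is not None else result)
    return dict(groups)


def all_absent(fixlog_text, needle):
    """True only if at least one line mentions `needle` and every such line is 'absent'.

    Useful for checking every trace of one scheduled task (TaskCache keys,
    System32\\Tasks file, legacy .job file) in a single call.
    """
    outcomes = [classify_line(l)[1] for l in fixlog_text.splitlines()
                if l.strip() and needle in l]
    return bool(outcomes) and all(o == 'absent' for o in outcomes)


if __name__ == '__main__':
    for outcome, items in summarize(SAMPLE_FIXLOG).items():
        print(f'{outcome}: {len(items)}')
        for item in items:
            print(f'    {item}')
```

An entry reported as "not found" was not removed by this run; it was already missing, so a symptom that persists afterwards has to come from something the fixlist did not list.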

  5. #5
    Junior Member
    Join Date
    Dec 2014
    Posts
    18


    # AdwCleaner v4.105 - Report created 16/12/2014 at 08:56:42
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-13.4 [Live]
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Welch - WELCH3-PC
    # Running from : C:\Users\Welch\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
    Folder Deleted : C:\Users\Welch\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\Welch\AppData\Roaming\ap_logs
    Folder Deleted : C:\Users\Welch\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\Welch\AppData\Roaming\ParetoLogic
    File Deleted : C:\Users\Welch\AppData\Roaming\Mozilla\Firefox\Profiles\dng8mxi4.default\user.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Deleted : HKCU\Software\AnyProtect
    Key Deleted : HKCU\Software\eSupport.com
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\DriverRestore
    Key Deleted : HKCU\Software\StormWatch
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\Tutorials
    Key Deleted : [x64] HKLM\SOFTWARE\System Optimizer Pro

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v

    [dng8mxi4.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=cmi&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0ByCyDtDtDtBtC0FzyzztDtN0D0Tzu0StCtDtCtDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B[...]
    [dng8mxi4.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=cmi&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0ByCyDtDtDtBtC0FzyzztDtN0D0Tzu0StCtDtCtDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G[...]
    [dng8mxi4.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
    [dng8mxi4.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
    [dng8mxi4.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=cmi&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0ByCyDtDtDtBtC0FzyzztDtN0D0Tzu0StCtDtCtDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L[...]

    *************************

    AdwCleaner[R0].txt - [3256 octets] - [16/12/2014 08:55:15]
    AdwCleaner[S0].txt - [2992 octets] - [16/12/2014 08:56:42]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3052 octets] ##########
    Thank you very much!


    chessdude

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    JRT.txt

    Browser reset?

    Do you connect to the internet by the below Proxy settings?
    ProxyEnable: [S-1-5-21-3724710116-182459274-2640236870-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3724710116-182459274-2640236870-1000] => localhost:21320
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    Dec 2014
    Posts
    18


    Quote, originally posted by Juliet:
    JRT.txt

    Browser reset?

    Do you connect to the internet by the below Proxy settings?
    ProxyEnable: [S-1-5-21-3724710116-182459274-2640236870-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3724710116-182459274-2640236870-1000] => localhost:21320

    The local host is the SpyBot S&D proxy for live scanning purposes for all downloads.
    Thank you very much!


    chessdude

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Were you able to run junkware-removal-tool (JRT.txt)?

    Did you do the Browser reset?


    How's your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Junior Member
    Join Date
    Dec 2014
    Posts
    18

    JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Professional x64
    Ran by Welch on Tue 12/16/2014 at 14:47:57.73
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 12/16/2014 at 14:49:06.48
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Thank you very much!


    chessdude

  10. #10
    Junior Member
    Join Date
    Dec 2014
    Posts
    18

    Problem persists

    No change in behavior with web surfing. Script causes overlay of page visited and until I click somewhere on the page, ANYWHERE, it will not allow the original script to continue.
    Thank you very much!


    chessdude
