Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Infected PC assistance, please

  1. #1
    Junior Member
    Join Date
    Nov 2014
    Posts
    10

    Default Infected PC assistance, please

    Toshiba laptop, suspected infection.
    Following the instructions, I have downloaded and run the FRST tool. Logs are attached below.
    Attempt to run the aswMBR software gives the following error:
    This application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the commands-line sxstrace.exe tool for more detail.

    The software doesn't even appear to load, just gives the error message.
    What is next?

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
    Ran by Phyllis (administrator) on FLISS-PC on 01-07-2015 09:29:11
    Running from C:\Users\Phyllis\Downloads
    Loaded Profiles: Phyllis (Available Profiles: Phyllis)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser not detected!)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    (Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    (Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
    (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1354478747\ee\aolsoftware.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\livecomm.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    () C:\Program Files (x86)\user extensions\Client.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
    HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
    HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
    HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1354478747\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1532760 2011-06-14] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [MyScrapNook_12 Browser Plugin Loader 64] => C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon64.exe
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [GoogleChromeAutoLaunch_6D30DC84AE17C59FB8CC40451744E7AB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-06] (Google Inc.)
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [72312 2012-10-15] (AOL Inc.)
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\MountPoints2: {3c5fdbdf-2607-11e4-bebc-008cfa249fa0} - "F:\VZW_Software_upgrade_assistant.exe"
    IFEO\bbqleads.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
    IFEO\bbqquotes.exe: [Debugger] TaskList.exe
    IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
    IFEO\donutleads.exe: [Debugger] TaskList.exe
    IFEO\donutquotes.exe: [Debugger] TaskList.exe
    IFEO\internetenhancer.exe: [Debugger] TaskList.exe
    IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
    IFEO\pastaleads.exe: [Debugger] TaskList.exe
    IFEO\pastaquotes.exe: [Debugger] TaskList.exe
    IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
    IFEO\wajam.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-03-24]
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-15]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-10-16]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => 127.0.0.1:5050
    ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
    ProxyServer: [S-1-5-19] => 127.0.0.1:5050
    ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
    ProxyServer: [S-1-5-20] => 127.0.0.1:5050
    ProxyEnable: [S-1-5-21-2892764592-418514559-672794576-1001] => Internet Explorer proxy is enabled
    ProxyServer: [S-1-5-21-2892764592-418514559-672794576-1001] => http=127.0.0.1:57186;https=127.0.0.1:57186
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
    SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
    SearchScopes: HKLM-x32 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm002^YYA^us&si=COK3wKzAtMACFQ5rfgodtZAAdw&ptb=FCDBCF0F-F543-421E-AAF8-B743328E2503&ind=2014082718&n=780c769e&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM-x32 -> {F4330669-21DD-4EC9-9229-36A6B961BCE7} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> DefaultScope {048D2143-D367-4A45-A69F-DC3A25832DEC} URL =
    SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {048D2143-D367-4A45-A69F-DC3A25832DEC} URL =
    SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm002^YYA^us&si=COK3wKzAtMACFQ5rfgodtZAAdw&ptb=FCDBCF0F-F543-421E-AAF8-B743328E2503&ind=2014082718&n=780c769e&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
    BHO: No Name -> {6E89E1D3-C66F-41C4-A648-CD91544E99C3} -> No File
    BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
    BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-11] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-11] (Oracle Corporation)
    Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
    Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
    Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll No File
    Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
    Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
    Toolbar: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
    DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/J...upClient64.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/J...etupClient.cab
    Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2011-12-22] (Intuit, Inc.)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{37EE4EAA-F923-4C4E-94C4-59DB13A42E09}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{F536BD9A-462E-4927-858A-2809FA0FA4B8}: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll [2014-06-27] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll [2014-06-27] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-09-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-11] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
    FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-09-18] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2892764592-418514559-672794576-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Phyllis\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-20] (Citrix Online)
    FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
    FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-12-11]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.google.ca/
    CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.msn.com/?pc=U147D&ocid=U147DDHP"
    CHR Profile: C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-30]
    CHR Extension: (Entanglement Web App) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-11-30]
    CHR Extension: (Google Docs) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-30]
    CHR Extension: (Google Drive) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-30]
    CHR Extension: (YouTube) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-30]
    CHR Extension: (eBay) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-11-30]
    CHR Extension: (Google Search) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-30]
    CHR Extension: (Pandora) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-11-30]
    CHR Extension: (Google Sheets) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-30]
    CHR Extension: (The Weather Channel for Chrome) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-11-30]
    CHR Extension: (Hangouts) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-11-30]
    CHR Extension: (Google Play) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-11-30]
    CHR Extension: (Evernote Web) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-11-30]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
    CHR Extension: (Poppit!) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-11-30]
    CHR Extension: (iLivid) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-01-30]
    CHR Extension: (Google Wallet) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-30]
    CHR Extension: (Gmail) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-30]
    CHR Profile: C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-17]
    CHR Extension: (Google Docs) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17]
    CHR Extension: (Google Drive) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-17]
    CHR Extension: (Groovorio New Tab) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm [2014-12-17]
    CHR Extension: (YouTube) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17]
    CHR Extension: (Google Search) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17]
    CHR Extension: (Google Sheets) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-17]
    CHR Extension: (Bookmark Manager) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-19]
    CHR Extension: (Google Wallet) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]
    CHR Extension: (Gmail) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17]
    CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2892764592-418514559-672794576-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
    R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
    R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-01 09:29 - 2015-07-01 09:30 - 00030386 _____ C:\Users\Phyllis\Downloads\FRST.txt
    2015-07-01 09:09 - 2015-07-01 09:09 - 02112512 _____ (Farbar) C:\Users\Phyllis\Downloads\FRST64.exe
    2015-07-01 08:56 - 2015-07-01 08:56 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-FLISS-PC-Windows-8.1-(64-bit).dat
    2015-07-01 08:54 - 2015-07-01 08:54 - 04720448 _____ C:\Users\Phyllis\Downloads\tweaking.com_registry_backup_setup (1).exe
    2015-07-01 08:54 - 2015-07-01 08:54 - 00002262 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-07-01 08:54 - 2015-07-01 08:54 - 00000000 ____D C:\RegBackup
    2015-07-01 08:54 - 2015-07-01 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-07-01 08:54 - 2015-07-01 08:54 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2015-07-01 08:51 - 2015-07-01 08:51 - 04720448 _____ C:\Users\Phyllis\Downloads\tweaking.com_registry_backup_setup.exe
    2015-07-01 07:37 - 2015-07-01 08:49 - 00000000 ____D C:\Program Files (x86)\user extensions
    2015-06-23 11:26 - 2015-06-23 11:26 - 00095119 _____ C:\Users\Phyllis\Downloads\CHK_859_052413_062215.QFX
    2015-06-20 15:20 - 2015-06-20 15:20 - 00000000 ____D C:\Users\Phyllis\AppData\Local\GWX
    2015-06-18 15:36 - 2015-06-29 17:34 - 00000688 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001.job
    2015-06-18 15:36 - 2015-06-18 15:36 - 00003692 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001
    2015-06-15 09:05 - 2015-06-15 09:05 - 00000000 ____D C:\Users\Phyllis\Downloads\CRDT RPT
    2015-06-09 12:29 - 2015-06-09 12:29 - 00284832 _____ C:\WINDOWS\Minidump\060915-34328-01.dmp
    2015-06-09 11:13 - 2015-05-27 07:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-06-09 11:13 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-06-09 11:13 - 2015-05-25 06:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
    2015-06-09 11:13 - 2015-05-25 06:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2015-06-09 11:13 - 2015-05-22 06:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2015-06-09 11:13 - 2015-05-21 06:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2015-06-09 11:13 - 2015-05-21 06:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2015-06-09 11:13 - 2015-05-21 06:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2015-06-09 11:13 - 2015-05-21 06:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2015-06-09 11:13 - 2015-05-21 06:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2015-06-09 11:13 - 2015-05-21 06:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-06-09 11:13 - 2015-04-24 19:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2015-06-09 11:13 - 2015-04-24 19:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2015-06-09 11:13 - 2015-04-16 15:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2015-06-09 11:13 - 2015-04-15 23:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2015-06-09 11:13 - 2015-04-13 15:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
    2015-06-09 11:13 - 2015-04-13 15:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
    2015-06-09 11:13 - 2015-04-09 17:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-06-09 11:13 - 2015-04-09 17:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-06-09 11:13 - 2015-04-08 15:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
    2015-06-09 11:13 - 2015-04-08 15:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2015-06-09 11:13 - 2015-04-01 15:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2015-06-09 11:13 - 2015-04-01 15:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2015-06-09 11:13 - 2015-03-31 21:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2015-06-09 11:13 - 2015-03-31 21:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2015-06-09 11:13 - 2015-03-31 21:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
    2015-06-09 11:13 - 2015-03-31 21:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2015-06-09 11:13 - 2015-03-31 20:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2015-06-09 11:13 - 2015-03-31 20:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2015-06-09 11:13 - 2015-03-31 20:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2015-06-09 11:13 - 2015-03-31 19:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2015-06-09 11:13 - 2015-03-31 19:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2015-06-09 11:13 - 2015-03-31 19:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2015-06-09 11:13 - 2015-03-31 19:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2015-06-09 11:13 - 2015-03-31 19:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2015-06-09 11:13 - 2015-03-31 19:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2015-06-09 11:13 - 2015-03-19 20:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
    2015-06-09 11:13 - 2015-03-19 20:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2015-06-09 11:13 - 2015-03-19 19:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2015-06-09 11:13 - 2015-03-19 19:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2015-06-09 11:13 - 2015-03-01 18:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
    2015-06-09 11:13 - 2015-03-01 18:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
    2015-06-09 11:12 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-06-09 11:12 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2015-06-09 11:12 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-06-09 11:12 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-06-09 11:12 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2015-06-09 11:12 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2015-06-09 11:12 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-06-09 11:12 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-06-09 11:12 - 2015-05-22 19:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-06-09 11:12 - 2015-05-22 19:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-06-09 11:12 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-06-09 11:12 - 2015-05-22 19:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-06-09 11:12 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-06-09 11:12 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-06-09 11:12 - 2015-05-22 19:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2015-06-09 11:12 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-06-09 11:12 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-06-09 11:12 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-06-09 11:12 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-06-09 11:12 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-06-09 11:12 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-06-09 11:12 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-06-09 11:12 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-06-09 11:12 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-06-09 11:12 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2015-06-09 11:12 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-06-09 11:12 - 2015-05-22 11:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-06-09 11:12 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-06-09 11:12 - 2015-05-22 11:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-06-09 11:12 - 2015-05-22 11:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-06-09 11:12 - 2015-05-22 11:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-06-09 11:12 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-06-09 11:12 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-06-09 11:12 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-06-09 11:12 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-06-09 11:12 - 2015-05-22 10:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2015-06-09 11:12 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-06-09 11:12 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-06-09 11:12 - 2015-05-21 09:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-06-08 10:58 - 2015-06-08 10:59 - 00000000 ____D C:\Users\Phyllis\Desktop\SWIM STEP

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-01 09:29 - 2015-04-02 20:59 - 00000000 ____D C:\FRST
    2015-07-01 09:29 - 2014-05-20 14:09 - 00000592 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001.job
    2015-07-01 09:19 - 2013-11-13 01:45 - 01182611 _____ C:\WINDOWS\WindowsUpdate.log
    2015-07-01 09:01 - 2012-12-02 13:00 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-01 09:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-07-01 09:00 - 2012-12-02 13:03 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2892764592-418514559-672794576-1001
    2015-07-01 08:32 - 2014-06-27 07:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-07-01 07:37 - 2013-12-09 15:55 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{17C8D484-C225-452C-9A37-17C1C75A4BE3}
    2015-06-30 13:23 - 2014-03-24 13:11 - 00000000 ____D C:\Users\Phyllis\Desktop\QB FILES
    2015-06-30 13:13 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2015-06-29 16:53 - 2013-11-13 09:31 - 00000000 ___DO C:\Users\Phyllis\SkyDrive
    2015-06-29 16:51 - 2013-08-22 07:46 - 00315615 _____ C:\WINDOWS\setupact.log
    2015-06-29 16:51 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-06-29 16:51 - 2012-12-02 13:00 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-29 16:50 - 2013-09-29 20:55 - 00104304 _____ C:\WINDOWS\PFRO.log
    2015-06-29 16:50 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-06-29 08:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-06-24 14:50 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-06-24 14:33 - 2014-06-07 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    2015-06-19 20:02 - 2014-12-12 11:09 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-06-19 20:02 - 2014-12-12 11:09 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-19 10:09 - 2013-11-13 01:30 - 00000000 ____D C:\Users\Phyllis
    2015-06-18 15:36 - 2014-05-20 14:09 - 00003596 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001
    2015-06-15 08:50 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
    2015-06-09 12:29 - 2015-03-02 16:44 - 633630134 _____ C:\WINDOWS\MEMORY.DMP
    2015-06-09 12:29 - 2015-03-02 16:44 - 00000000 ____D C:\WINDOWS\Minidump
    2015-06-09 12:12 - 2013-08-22 07:44 - 00499704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-06-09 12:07 - 2014-12-12 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-06-09 12:07 - 2014-07-12 10:49 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
    2015-06-09 12:07 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2015-06-09 12:07 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-06-09 11:38 - 2013-07-30 16:51 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-06-09 11:21 - 2012-12-13 04:10 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-06-09 11:19 - 2012-12-14 16:17 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-06-08 10:59 - 2013-09-29 21:04 - 00867660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-06-04 13:39 - 2014-11-19 16:21 - 00001024 _____ C:\.rnd

    ==================== Files in the root of some directories =======

    2013-03-22 17:39 - 2013-03-22 17:39 - 0037681 _____ () C:\Users\Phyllis\AppData\Roaming\Comma Separated Values (Windows).ADR
    2014-11-30 12:19 - 2014-12-01 10:19 - 0000063 _____ () C:\Users\Phyllis\AppData\Roaming\WB.CFG
    2014-10-22 08:49 - 2014-10-22 08:50 - 0234768 _____ () C:\Users\Phyllis\AppData\Local\aff_setup.exe
    2014-10-22 08:49 - 2014-10-22 08:49 - 0000064 _____ () C:\Users\Phyllis\AppData\Local\ee5e50e89e154a1da709cd7363ac771c
    2014-03-24 13:38 - 2015-01-02 14:27 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    Some files in TEMP:
    ====================
    C:\Users\Phyllis\AppData\Local\Temp\install_temp.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-29 17:15

    ==================== End of log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
    Ran by Phyllis at 2015-07-01 09:30:29
    Running from C:\Users\Phyllis\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2892764592-418514559-672794576-500 - Administrator - Disabled)
    Guest (S-1-5-21-2892764592-418514559-672794576-501 - Limited - Disabled)
    Phyllis (S-1-5-21-2892764592-418514559-672794576-1001 - Administrator - Enabled) => C:\Users\Phyllis

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
    ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    AOL Sync 1.0.0 (HKLM-x32\...\AOL Sync) (Version: 1.0.0 - )
    AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.)
    AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Cache utility (HKU\.DEFAULT\...\Cache utility) (Version: 1 - Cache utility)
    Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DealAlly (HKU\.DEFAULT\...\DealAlly) (Version: 1 - Jet Applications)
    Display settings (HKU\.DEFAULT\...\Display settings) (Version: 1 - Display settings)
    Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
    Dropbox (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
    Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
    Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
    Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
    Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Full Tilt Poker.Net (HKLM-x32\...\{E07B7A31-E160-466D-A003-3BB7B8989D52}) (Version: 5.6.20.WIN.FullTilt.NET - )
    GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoToMeeting 7.2.1.2856 (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\GoToMeeting) (Version: 7.2.1.2856 - CitrixOnline)
    Hoist Search (HKU\.DEFAULT\...\Hoist Search) (Version: 1 - Hoist Search)
    Inbox Toolbar (HKLM-x32\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 2.0.1.110 - Xacti, LLC)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
    Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
    Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.26411 - Juniper Networks)
    Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Juniper_Setup_Client) (Version: 7.4.4.38461 - Juniper Networks, Inc.)
    Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
    Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
    Juniper Terminal Services Client (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Juniper_Term_Services) (Version: 7.1.12.21827 - Juniper Networks)
    Maptech Chartbook Companion CD (with Offshore Navigator Lite) (HKLM-x32\...\Offshore Navigator Lite) (Version: - )
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
    QuickBooks (x32 Version: 19.0.4014.705 - Intuit Inc.) Hidden
    QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
    Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
    Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
    Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    09-06-2015 11:15:14 Windows Update
    16-06-2015 19:44:20 Scheduled Checkpoint
    24-06-2015 14:32:21 Installed Software Updater

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 06:25 - 2015-03-18 13:31 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0163A60A-7DAB-4175-A7C0-99D65A3F54B9} - System32\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001 => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe [2015-06-18] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {1943847C-FBE2-48FB-BDB8-57D89B05D7DD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {2A158861-BFC5-40C5-B726-B9C82C91AE4F} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Phyllis\AppData\Local\GeniusBox\client.exe" <==== ATTENTION
    Task: {2B06538C-D045-4EAC-81F5-083D3A45979C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
    Task: {3365089A-FE20-40B5-BBC4-6164EE661838} - System32\Tasks\Validate Installation => C:\Users\Phyllis\AppData\Local\GeniusBox\updater.exe [2014-10-21] ()
    Task: {3507FB48-A79C-4EC1-859A-620896307FFE} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
    Task: {39B2B9F9-2894-493E-8057-7D38AFEF0098} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
    Task: {4A586DDA-3C66-4519-9C3F-B664C3700E7E} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
    Task: {70A1086B-4DEC-4204-9D39-B12A120F4AA4} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
    Task: {7F7E40E3-7F08-45A2-9C14-82F715B95B93} - System32\Tasks\TidyNetwork Update => C:\Users\Phyllis\AppData\Local\TidyNetwork\petnupdate.exe
    Task: {803233EC-0D4E-4FC5-B1AB-6AE12D5015E1} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
    Task: {8F06AB3C-97FF-4CDC-B537-493AECE56316} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-27] (Adobe Systems Incorporated)
    Task: {9E50A75A-7515-42E2-8C9A-7201E3524228} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
    Task: {A8CC2786-A45B-4A1C-AB4D-3BDBBAAA2749} - System32\Tasks\RunTool => C:\Users\Phyllis\AppData\Local\d5a66b5f-40a9-41d5-8ed7-ea50462ae8db\install_temp.exe [2015-03-06] () <==== ATTENTION
    Task: {B312054A-0FE9-453A-8DA0-8200F2CC727E} - System32\Tasks\Check Updates => C:\Users\Phyllis\AppData\Local\GeniusBox\updater.exe [2014-10-21] ()
    Task: {B4BFEE7E-908D-477F-BC58-D41DE4F160FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
    Task: {D06C9E0A-ED6D-49AB-9114-2B373F56ED84} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {D7E35D50-0DB2-498B-AB2D-8BA7C363E461} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
    Task: {E32F07BA-F98A-4A3E-B3C3-5AA3640C89D4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
    Task: {F2114DE3-8651-47E7-84B9-9A1EAA2BB63D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001 => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe [2015-06-18] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {F21EBE57-3B6A-423B-A1D0-905E378B42BD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
    Task: {FF6BC345-C2AA-496B-8EBD-0B35D9B313AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001.job => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001.job => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-10-27 14:31 - 2014-10-27 14:31 - 00154624 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    2013-09-21 04:22 - 2013-09-21 04:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2012-07-18 18:38 - 2012-07-18 18:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
    2012-08-13 19:13 - 2012-08-13 19:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
    2015-06-27 10:11 - 2015-06-27 10:11 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\ErrorReporting.dll
    2015-07-01 07:37 - 2015-07-01 08:49 - 00078848 _____ () C:\Program Files (x86)\user extensions\Client.exe
    2014-10-27 14:31 - 2014-10-27 14:31 - 00071168 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\sys.node
    2015-04-04 10:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-04-04 10:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-04-04 10:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-04-04 10:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-04-04 10:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-06-29 16:52 - 2015-06-29 16:52 - 00098816 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32api.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00110080 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pywintypes27.dll
    2015-06-29 16:52 - 2015-06-29 16:52 - 00364544 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pythoncom27.dll
    2015-06-29 16:52 - 2015-06-29 16:52 - 00045568 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_socket.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 01160704 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_ssl.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00320512 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32com.shell.shell.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00713216 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_hashlib.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 01175040 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._core_.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00805888 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._gdi_.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00811008 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._windows_.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 01062400 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._controls_.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00735232 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._misc_.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00128512 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_elementtree.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00127488 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pyexpat.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00557056 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pysqlite2._sqlite.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00087552 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_ctypes.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00119808 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32file.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00108544 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32security.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00007168 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\hashobjs_ext.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00167936 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32gui.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00018432 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32event.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00038912 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32inet.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00011264 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32crypt.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00070656 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._html2.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00027136 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_multiprocessing.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00035840 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32process.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00686080 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\unicodedata.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00122368 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._wizard.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00024064 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32pipe.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00025600 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32pdh.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00525640 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\windows._lib_cacheinvalidation.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00010240 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\select.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00017408 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32profile.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00022528 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32ts.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00078336 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._animate.pyd
    2012-10-30 01:00 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2012-10-15 09:45 - 2012-10-15 09:45 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
    2015-03-18 13:53 - 2015-03-06 23:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
    2015-03-18 13:53 - 2015-03-06 23:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
    2015-03-18 13:53 - 2015-03-06 23:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
    2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Phyllis\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\Phyllis\Downloads\RE Suspicious sign in prevented.eml:OECustomProperty

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7867 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2892764592-418514559-672794576-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Phyllis\Desktop\pix 53 carver\SeaquesteredMarineSide (1).jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
    HKLM\...\StartupApproved\Run: => "RtHDVCpl"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "HostManager"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "BingDesktop"
    HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "AOL Fast Start"
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6D30DC84AE17C59FB8CC40451744E7AB"
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "Google Update"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [UDP Query User{98168707-AA5B-452F-A613-D067EA35FE50}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
    FirewallRules: [TCP Query User{F9988F25-6824-4C14-8235-A2A8F15B4C07}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
    FirewallRules: [{D0D39E67-5FB3-48F9-80A2-B01E25CDD65C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
    FirewallRules: [{926DCDF0-D16F-4CCB-B793-FD8107957073}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
    FirewallRules: [{1AA4E022-12B7-4B08-AEC0-BED414C43BC5}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
    FirewallRules: [{89386268-7B92-463B-B7DF-E8CABA2EFCB4}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
    FirewallRules: [{FE6BC02A-1F44-4F5D-909D-0C8564E5FCAF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{D53C9DFF-3272-447D-9546-7E0681CDB137}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1839EB9C-DCB1-4069-B6A4-53D56871A281}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6564FC84-C5BE-4A39-A5EC-B82ECF9440E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A2421E26-1457-4393-AAAA-8F50CC2852BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{64068A51-F4C5-4CC5-8408-43EE58A88ADF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
    FirewallRules: [{963F96AA-0CBF-4BAA-B9ED-38DFF980CB18}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
    FirewallRules: [{3F45AB4D-B5A4-4397-B396-F8AD23D8650B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{2345F2FA-7958-4D27-BF41-FD6B37DFA190}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{AAE8B27C-8251-4FA2-925E-8CEEC0F014B3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{71A85861-8900-41C0-965E-B2B09CC980ED}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{EA2FDF7C-01D9-474D-9E9F-47CFAB473D4B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{61BBD4A5-5F28-4047-B7E3-ADD72B5EE036}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{D919DD88-0EF3-4BD4-8BD3-C4132C1F0562}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{D2F73A73-AE97-4DD2-ABEA-BE549E99B7BD}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{1FCF534E-26FC-4D01-A6D2-F78753C074CE}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1354478747\ee\aolsoftware.exe
    FirewallRules: [{C8A83E8C-8F82-4929-871B-CCD7ADC10561}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1354478747\ee\aolsoftware.exe
    FirewallRules: [{79EBD8CE-5F0D-4B5A-B9CB-D389903034BA}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
    FirewallRules: [{474E2BB3-6F66-4493-87DB-78ECA6020E8F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
    FirewallRules: [{5013F375-E4B4-49AC-BB34-3572B738319D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
    FirewallRules: [{0BA91AB0-EB33-48C7-AB72-29C498D38F33}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
    FirewallRules: [{C0DAEA4B-3980-4122-A680-3676149F260E}] => (Allow) LPort=1900
    FirewallRules: [{D735D71A-BF7C-4585-AD10-C13C9F5702D3}] => (Allow) LPort=2869
    FirewallRules: [{B13C748B-2446-4AFD-A916-91C3CE2ACBB3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [TCP Query User{6FB1A62D-9AE8-4B3D-9059-2D728F844E07}C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{55D0AE06-9A02-436E-A226-37EC453A1030}C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{ED6E6646-924D-48FC-A57D-3B73E9D8A1C7}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{CD64282F-58A5-49A1-A9BD-200D9529324C}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{B0FBA136-98BC-4A93-8974-30A13086DB29}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{D49AE64C-1F75-45B7-AF0E-1B116D46B33B}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [TCP Query User{55C6AB12-3D71-42C3-AC4E-111D1B37B405}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{1AA642E3-72D4-4EE8-B69A-66C2E8F7CBE3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{9712696F-EA77-4D8C-8496-67B349C32BC1}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
    FirewallRules: [{E1F0C470-0613-4357-8EA9-64A6C88F875B}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
    FirewallRules: [{4F2016E5-BFAC-4FD0-8B53-55746BEE48CB}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\aolbrowser.exe
    FirewallRules: [{6E58273B-7D80-4CEB-84AF-BF7B122DE0CC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\aolbrowser.exe
    FirewallRules: [{26C0E845-1103-422A-803A-CEB09C3FAB82}] => (Allow) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{8AFF4797-B98B-4E99-9B8E-4654ABC2AF6C}] => (Allow) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{673BA428-4396-4B92-A268-0DE0D30C426A}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
    FirewallRules: [{5CC3A0A9-D308-4EB2-88E6-EC04F3CDD719}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
    FirewallRules: [{AC8E64B6-BE85-43BF-8711-C02A78CED2D4}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
    FirewallRules: [{FC0126F8-E01F-4921-831D-D6CDAD7A4F59}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
    FirewallRules: [{64F54A0F-BE87-47EE-A1D9-7DB2D5604310}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
    FirewallRules: [{04A56819-9881-4843-BF72-7D038E2E8D9E}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
    FirewallRules: [{ED37534C-1EA5-418B-A0D1-33A0F4213B21}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
    FirewallRules: [{F308671B-CE04-4EFF-898A-50D5712617D2}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
    FirewallRules: [{222647D9-C985-4529-9B62-383AB99893DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{805DBC66-592B-44F6-B4D1-6466BDC3FFFF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
    FirewallRules: [{88662074-B82A-4555-AF78-4AC45598D7AC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
    FirewallRules: [{A789F4C2-9AE5-43DC-AC81-17D99757449A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{22CC9CA0-96E1-4206-8231-9F481E379576}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{DDEC92A3-CE27-452D-ADFA-62456F913DCA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{D40ACD08-E3D1-41CA-9A20-07897199F643}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{18DB1E04-660E-4414-A3FB-0199E0699A9D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{67267434-E4ED-46E3-9308-4EAE1DC46EE4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/29/2015 05:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20905 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a34

    Start Time: 01d0b2c68b1d17ad

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: a62386a6-1ebe-11e5-bee5-008cfa249fa0

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (06/29/2015 04:52:48 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle


    System errors:
    =============
    Error: (06/23/2015 02:50:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.

    Error: (06/23/2015 00:14:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

    Error: (06/23/2015 00:14:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.

    Error: (06/23/2015 00:13:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

    Error: (06/23/2015 00:13:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fhsvc service.

    Error: (06/23/2015 11:28:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

    Error: (06/19/2015 10:08:54 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (06/19/2015 10:08:54 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (06/19/2015 10:08:49 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (06/19/2015 10:08:49 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


    Microsoft Office:
    =========================
    Error: (03/16/2013 09:55:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2015-06-29 17:20:07.179
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:02.332
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:02.098
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:01.879
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:01.535
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:01.316
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:01.098
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:00.332
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:00.097
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:37:59.863
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
    Percentage of memory in use: 57%
    Total physical RAM: 3980.22 MB
    Available physical RAM: 1686.99 MB
    Total Pagefile: 8076.22 MB
    Available Pagefile: 4787.89 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (TI10653400C) (Fixed) (Total:585.71 GB) (Free:509.06 GB) NTFS
    Drive f: (passport 1) (Fixed) (Total:931.48 GB) (Free:900.2 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: D3FA1866)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of log ============================

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987

    Default

    Welcome

    Running from C:\Users\Phyllis\Downloads

    It's best we move Farbar's to desktop.

    Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.


    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CloseProcesses:
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    IFEO\bbqleads.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
    IFEO\bbqquotes.exe: [Debugger] TaskList.exe
    IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
    IFEO\donutleads.exe: [Debugger] TaskList.exe
    IFEO\donutquotes.exe: [Debugger] TaskList.exe
    IFEO\internetenhancer.exe: [Debugger] TaskList.exe
    IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
    IFEO\pastaleads.exe: [Debugger] TaskList.exe
    IFEO\pastaquotes.exe: [Debugger] TaskList.exe
    IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
    IFEO\wajam.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
    SearchScopes: HKLM-x32 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm002^YYA^us&si=COK3wKzAtMACFQ5rfgodtZAAdw&ptb=FCDBCF0F-F543-421E-AAF8-B743328E2503&ind=2014082718&n=780c769e&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM-x32 -> {F4330669-21DD-4EC9-9229-36A6B961BCE7} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> DefaultScope {048D2143-D367-4A45-A69F-DC3A25832DEC} URL =
    SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {048D2143-D367-4A45-A69F-DC3A25832DEC} URL =
    SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm002^YYA^us&si=COK3wKzAtMACFQ5rfgodtZAAdw&ptb=FCDBCF0F-F543-421E-AAF8-B743328E2503&ind=2014082718&n=780c769e&psa=&st=sb&searchfor={searchTerms}
    BHO: No Name -> {6E89E1D3-C66F-41C4-A648-CD91544E99C3} -> No File
    Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
    Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll No File
    Toolbar: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
    C:\Users\Phyllis\AppData\Local\Temp\install_temp.exe
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    Task: {803233EC-0D4E-4FC5-B1AB-6AE12D5015E1} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
    Task: {A8CC2786-A45B-4A1C-AB4D-3BDBBAAA2749} - System32\Tasks\RunTool => C:\Users\Phyllis\AppData\Local\d5a66b5f-40a9-41d5-8ed7-ea50462ae8db\install_temp.exe [2015-03-06] () <==== ATTENTION
    EmptyTemp:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    - Save ALL Tools to your Desktop-

    All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
    "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
    and the click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
    select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

    ~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
    • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
    • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
    • You will be prompted to update Malwarebytes...click on the Update Now button.
    • The THREAT SCAN will automatically begin.
    • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
    • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
    • After rebooting the computer, copy and paste the mbam.log in your next reply.

    To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Select (check) the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

    To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)



    When the scan is finished and the log pops up...select Copy to Clipboard

    Please paste the log back into this thread for review

    Exit Malwarebytes

    ~~~~

    please post
    Fixlog.txt
    C:\AdwCleaner.txt
    Malwarebytes log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Nov 2014
    Posts
    10

    Default

    Here are the results:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
    Ran by Phyllis at 2015-07-01 09:30:29
    Running from C:\Users\Phyllis\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2892764592-418514559-672794576-500 - Administrator - Disabled)
    Guest (S-1-5-21-2892764592-418514559-672794576-501 - Limited - Disabled)
    Phyllis (S-1-5-21-2892764592-418514559-672794576-1001 - Administrator - Enabled) => C:\Users\Phyllis

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
    ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    AOL Sync 1.0.0 (HKLM-x32\...\AOL Sync) (Version: 1.0.0 - )
    AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.)
    AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Cache utility (HKU\.DEFAULT\...\Cache utility) (Version: 1 - Cache utility)
    Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DealAlly (HKU\.DEFAULT\...\DealAlly) (Version: 1 - Jet Applications)
    Display settings (HKU\.DEFAULT\...\Display settings) (Version: 1 - Display settings)
    Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
    Dropbox (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
    Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
    Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
    Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
    Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Full Tilt Poker.Net (HKLM-x32\...\{E07B7A31-E160-466D-A003-3BB7B8989D52}) (Version: 5.6.20.WIN.FullTilt.NET - )
    GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoToMeeting 7.2.1.2856 (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\GoToMeeting) (Version: 7.2.1.2856 - CitrixOnline)
    Hoist Search (HKU\.DEFAULT\...\Hoist Search) (Version: 1 - Hoist Search)
    Inbox Toolbar (HKLM-x32\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 2.0.1.110 - Xacti, LLC)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
    Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
    Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.26411 - Juniper Networks)
    Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Juniper_Setup_Client) (Version: 7.4.4.38461 - Juniper Networks, Inc.)
    Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
    Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
    Juniper Terminal Services Client (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Juniper_Term_Services) (Version: 7.1.12.21827 - Juniper Networks)
    Maptech Chartbook Companion CD (with Offshore Navigator Lite) (HKLM-x32\...\Offshore Navigator Lite) (Version: - )
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
    QuickBooks (x32 Version: 19.0.4014.705 - Intuit Inc.) Hidden
    QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
    Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
    Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
    Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    09-06-2015 11:15:14 Windows Update
    16-06-2015 19:44:20 Scheduled Checkpoint
    24-06-2015 14:32:21 Installed Software Updater

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 06:25 - 2015-03-18 13:31 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0163A60A-7DAB-4175-A7C0-99D65A3F54B9} - System32\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001 => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe [2015-06-18] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {1943847C-FBE2-48FB-BDB8-57D89B05D7DD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {2A158861-BFC5-40C5-B726-B9C82C91AE4F} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Phyllis\AppData\Local\GeniusBox\client.exe" <==== ATTENTION
    Task: {2B06538C-D045-4EAC-81F5-083D3A45979C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
    Task: {3365089A-FE20-40B5-BBC4-6164EE661838} - System32\Tasks\Validate Installation => C:\Users\Phyllis\AppData\Local\GeniusBox\updater.exe [2014-10-21] ()
    Task: {3507FB48-A79C-4EC1-859A-620896307FFE} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
    Task: {39B2B9F9-2894-493E-8057-7D38AFEF0098} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
    Task: {4A586DDA-3C66-4519-9C3F-B664C3700E7E} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
    Task: {70A1086B-4DEC-4204-9D39-B12A120F4AA4} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
    Task: {7F7E40E3-7F08-45A2-9C14-82F715B95B93} - System32\Tasks\TidyNetwork Update => C:\Users\Phyllis\AppData\Local\TidyNetwork\petnupdate.exe
    Task: {803233EC-0D4E-4FC5-B1AB-6AE12D5015E1} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
    Task: {8F06AB3C-97FF-4CDC-B537-493AECE56316} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-27] (Adobe Systems Incorporated)
    Task: {9E50A75A-7515-42E2-8C9A-7201E3524228} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
    Task: {A8CC2786-A45B-4A1C-AB4D-3BDBBAAA2749} - System32\Tasks\RunTool => C:\Users\Phyllis\AppData\Local\d5a66b5f-40a9-41d5-8ed7-ea50462ae8db\install_temp.exe [2015-03-06] () <==== ATTENTION
    Task: {B312054A-0FE9-453A-8DA0-8200F2CC727E} - System32\Tasks\Check Updates => C:\Users\Phyllis\AppData\Local\GeniusBox\updater.exe [2014-10-21] ()
    Task: {B4BFEE7E-908D-477F-BC58-D41DE4F160FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
    Task: {D06C9E0A-ED6D-49AB-9114-2B373F56ED84} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {D7E35D50-0DB2-498B-AB2D-8BA7C363E461} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
    Task: {E32F07BA-F98A-4A3E-B3C3-5AA3640C89D4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
    Task: {F2114DE3-8651-47E7-84B9-9A1EAA2BB63D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001 => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe [2015-06-18] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {F21EBE57-3B6A-423B-A1D0-905E378B42BD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
    Task: {FF6BC345-C2AA-496B-8EBD-0B35D9B313AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001.job => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001.job => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-10-27 14:31 - 2014-10-27 14:31 - 00154624 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    2013-09-21 04:22 - 2013-09-21 04:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2012-07-18 18:38 - 2012-07-18 18:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
    2012-08-13 19:13 - 2012-08-13 19:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
    2015-06-27 10:11 - 2015-06-27 10:11 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\ErrorReporting.dll
    2015-07-01 07:37 - 2015-07-01 08:49 - 00078848 _____ () C:\Program Files (x86)\user extensions\Client.exe
    2014-10-27 14:31 - 2014-10-27 14:31 - 00071168 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\sys.node
    2015-04-04 10:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-04-04 10:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-04-04 10:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-04-04 10:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-04-04 10:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-06-29 16:52 - 2015-06-29 16:52 - 00098816 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32api.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00110080 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pywintypes27.dll
    2015-06-29 16:52 - 2015-06-29 16:52 - 00364544 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pythoncom27.dll
    2015-06-29 16:52 - 2015-06-29 16:52 - 00045568 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_socket.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 01160704 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_ssl.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00320512 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32com.shell.shell.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00713216 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_hashlib.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 01175040 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._core_.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00805888 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._gdi_.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00811008 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._windows_.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 01062400 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._controls_.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00735232 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._misc_.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00128512 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_elementtree.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00127488 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pyexpat.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00557056 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pysqlite2._sqlite.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00087552 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_ctypes.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00119808 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32file.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00108544 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32security.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00007168 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\hashobjs_ext.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00167936 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32gui.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00018432 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32event.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00038912 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32inet.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00011264 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32crypt.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00070656 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._html2.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00027136 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_multiprocessing.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00035840 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32process.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00686080 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\unicodedata.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00122368 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._wizard.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00024064 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32pipe.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00025600 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32pdh.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00525640 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\windows._lib_cacheinvalidation.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00010240 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\select.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00017408 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32profile.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00022528 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32ts.pyd
    2015-06-29 16:52 - 2015-06-29 16:52 - 00078336 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._animate.pyd
    2012-10-30 01:00 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2012-10-15 09:45 - 2012-10-15 09:45 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
    2015-03-18 13:53 - 2015-03-06 23:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
    2015-03-18 13:53 - 2015-03-06 23:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
    2015-03-18 13:53 - 2015-03-06 23:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
    2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Phyllis\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\Phyllis\Downloads\RE Suspicious sign in prevented.eml:OECustomProperty

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7867 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2892764592-418514559-672794576-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Phyllis\Desktop\pix 53 carver\SeaquesteredMarineSide (1).jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
    HKLM\...\StartupApproved\Run: => "RtHDVCpl"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "HostManager"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "BingDesktop"
    HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "AOL Fast Start"
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6D30DC84AE17C59FB8CC40451744E7AB"
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "Google Update"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [UDP Query User{98168707-AA5B-452F-A613-D067EA35FE50}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
    FirewallRules: [TCP Query User{F9988F25-6824-4C14-8235-A2A8F15B4C07}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
    FirewallRules: [{D0D39E67-5FB3-48F9-80A2-B01E25CDD65C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
    FirewallRules: [{926DCDF0-D16F-4CCB-B793-FD8107957073}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
    FirewallRules: [{1AA4E022-12B7-4B08-AEC0-BED414C43BC5}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
    FirewallRules: [{89386268-7B92-463B-B7DF-E8CABA2EFCB4}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
    FirewallRules: [{FE6BC02A-1F44-4F5D-909D-0C8564E5FCAF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{D53C9DFF-3272-447D-9546-7E0681CDB137}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1839EB9C-DCB1-4069-B6A4-53D56871A281}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6564FC84-C5BE-4A39-A5EC-B82ECF9440E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A2421E26-1457-4393-AAAA-8F50CC2852BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{64068A51-F4C5-4CC5-8408-43EE58A88ADF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
    FirewallRules: [{963F96AA-0CBF-4BAA-B9ED-38DFF980CB18}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
    FirewallRules: [{3F45AB4D-B5A4-4397-B396-F8AD23D8650B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{2345F2FA-7958-4D27-BF41-FD6B37DFA190}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{AAE8B27C-8251-4FA2-925E-8CEEC0F014B3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{71A85861-8900-41C0-965E-B2B09CC980ED}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{EA2FDF7C-01D9-474D-9E9F-47CFAB473D4B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{61BBD4A5-5F28-4047-B7E3-ADD72B5EE036}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{D919DD88-0EF3-4BD4-8BD3-C4132C1F0562}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{D2F73A73-AE97-4DD2-ABEA-BE549E99B7BD}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{1FCF534E-26FC-4D01-A6D2-F78753C074CE}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1354478747\ee\aolsoftware.exe
    FirewallRules: [{C8A83E8C-8F82-4929-871B-CCD7ADC10561}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1354478747\ee\aolsoftware.exe
    FirewallRules: [{79EBD8CE-5F0D-4B5A-B9CB-D389903034BA}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
    FirewallRules: [{474E2BB3-6F66-4493-87DB-78ECA6020E8F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
    FirewallRules: [{5013F375-E4B4-49AC-BB34-3572B738319D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
    FirewallRules: [{0BA91AB0-EB33-48C7-AB72-29C498D38F33}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
    FirewallRules: [{C0DAEA4B-3980-4122-A680-3676149F260E}] => (Allow) LPort=1900
    FirewallRules: [{D735D71A-BF7C-4585-AD10-C13C9F5702D3}] => (Allow) LPort=2869
    FirewallRules: [{B13C748B-2446-4AFD-A916-91C3CE2ACBB3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [TCP Query User{6FB1A62D-9AE8-4B3D-9059-2D728F844E07}C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{55D0AE06-9A02-436E-A226-37EC453A1030}C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{ED6E6646-924D-48FC-A57D-3B73E9D8A1C7}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{CD64282F-58A5-49A1-A9BD-200D9529324C}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{B0FBA136-98BC-4A93-8974-30A13086DB29}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{D49AE64C-1F75-45B7-AF0E-1B116D46B33B}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [TCP Query User{55C6AB12-3D71-42C3-AC4E-111D1B37B405}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{1AA642E3-72D4-4EE8-B69A-66C2E8F7CBE3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{9712696F-EA77-4D8C-8496-67B349C32BC1}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
    FirewallRules: [{E1F0C470-0613-4357-8EA9-64A6C88F875B}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
    FirewallRules: [{4F2016E5-BFAC-4FD0-8B53-55746BEE48CB}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\aolbrowser.exe
    FirewallRules: [{6E58273B-7D80-4CEB-84AF-BF7B122DE0CC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\aolbrowser.exe
    FirewallRules: [{26C0E845-1103-422A-803A-CEB09C3FAB82}] => (Allow) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{8AFF4797-B98B-4E99-9B8E-4654ABC2AF6C}] => (Allow) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{673BA428-4396-4B92-A268-0DE0D30C426A}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
    FirewallRules: [{5CC3A0A9-D308-4EB2-88E6-EC04F3CDD719}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
    FirewallRules: [{AC8E64B6-BE85-43BF-8711-C02A78CED2D4}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
    FirewallRules: [{FC0126F8-E01F-4921-831D-D6CDAD7A4F59}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
    FirewallRules: [{64F54A0F-BE87-47EE-A1D9-7DB2D5604310}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
    FirewallRules: [{04A56819-9881-4843-BF72-7D038E2E8D9E}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
    FirewallRules: [{ED37534C-1EA5-418B-A0D1-33A0F4213B21}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
    FirewallRules: [{F308671B-CE04-4EFF-898A-50D5712617D2}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
    FirewallRules: [{222647D9-C985-4529-9B62-383AB99893DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{805DBC66-592B-44F6-B4D1-6466BDC3FFFF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
    FirewallRules: [{88662074-B82A-4555-AF78-4AC45598D7AC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
    FirewallRules: [{A789F4C2-9AE5-43DC-AC81-17D99757449A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{22CC9CA0-96E1-4206-8231-9F481E379576}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{DDEC92A3-CE27-452D-ADFA-62456F913DCA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{D40ACD08-E3D1-41CA-9A20-07897199F643}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{18DB1E04-660E-4414-A3FB-0199E0699A9D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{67267434-E4ED-46E3-9308-4EAE1DC46EE4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/29/2015 05:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20905 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a34

    Start Time: 01d0b2c68b1d17ad

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: a62386a6-1ebe-11e5-bee5-008cfa249fa0

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (06/29/2015 04:52:48 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle


    System errors:
    =============
    Error: (06/23/2015 02:50:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.

    Error: (06/23/2015 00:14:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

    Error: (06/23/2015 00:14:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.

    Error: (06/23/2015 00:13:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

    Error: (06/23/2015 00:13:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fhsvc service.

    Error: (06/23/2015 11:28:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

    Error: (06/19/2015 10:08:54 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (06/19/2015 10:08:54 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (06/19/2015 10:08:49 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (06/19/2015 10:08:49 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


    Microsoft Office:
    =========================
    Error: (03/16/2013 09:55:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2015-06-29 17:20:07.179
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:02.332
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:02.098
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:01.879
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:01.535
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:01.316
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:01.098
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:00.332
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:38:00.097
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-24 15:37:59.863
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
    Percentage of memory in use: 57%
    Total physical RAM: 3980.22 MB
    Available physical RAM: 1686.99 MB
    Total Pagefile: 8076.22 MB
    Available Pagefile: 4787.89 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (TI10653400C) (Fixed) (Total:585.71 GB) (Free:509.06 GB) NTFS
    Drive f: (passport 1) (Fixed) (Total:931.48 GB) (Free:900.2 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: D3FA1866)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of log ============================Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
    Ran by Phyllis at 2015-07-02 19:19:21 Run:2
    Running from C:\Users\Phyllis\Desktop
    Loaded Profiles: Phyllis (Available Profiles: Phyllis)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    IFEO\bbqleads.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
    IFEO\bbqquotes.exe: [Debugger] TaskList.exe
    IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
    IFEO\donutleads.exe: [Debugger] TaskList.exe
    IFEO\donutquotes.exe: [Debugger] TaskList.exe
    IFEO\internetenhancer.exe: [Debugger] TaskList.exe
    IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
    IFEO\pastaleads.exe: [Debugger] TaskList.exe
    IFEO\pastaquotes.exe: [Debugger] TaskList.exe
    IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
    IFEO\wajam.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
    SearchScopes: HKLM-x32 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm002^YYA^us&si=COK3wKzAtMACFQ5rfgodtZAAdw&ptb=FCDBCF0F-F543-421E-AAF8-B743328E2503&ind=2014082718&n=780c769e&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM-x32 -> {F4330669-21DD-4EC9-9229-36A6B961BCE7} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> DefaultScope {048D2143-D367-4A45-A69F-DC3A25832DEC} URL =
    SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {048D2143-D367-4A45-A69F-DC3A25832DEC} URL =
    SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm002^YYA^us&si=COK3wKzAtMACFQ5rfgodtZAAdw&ptb=FCDBCF0F-F543-421E-AAF8-B743328E2503&ind=2014082718&n=780c769e&psa=&st=sb&searchfor={searchTerms}
    BHO: No Name -> {6E89E1D3-C66F-41C4-A648-CD91544E99C3} -> No File
    Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
    Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll No File
    Toolbar: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
    C:\Users\Phyllis\AppData\Local\Temp\install_temp.exe
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    Task: {803233EC-0D4E-4FC5-B1AB-6AE12D5015E1} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
    Task: {A8CC2786-A45B-4A1C-AB4D-3BDBBAAA2749} - System32\Tasks\RunTool => C:\Users\Phyllis\AppData\Local\d5a66b5f-40a9-41d5-8ed7-ea50462ae8db\install_temp.exe [2015-03-06] () <==== ATTENTION
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key not found.
    HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key not found.
    HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key not found.
    HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleads.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsapplication.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsservice.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqquotes.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutleads.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutquotes.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancer.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancerservice.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaleads.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaquotes.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\theanswerfinder.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajam.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancer.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerApp.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerAppservice.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancerservice.exe => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key not found.
    HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key not found.
    HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key not found.
    HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
    HKLM\SOFTWARE\Policies\Google => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => key not found.
    HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d} => key not found.
    HKCR\Wow6432Node\CLSID\{35e9438f-19d4-4516-b2ac-59ba9241de4d} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F4330669-21DD-4EC9-9229-36A6B961BCE7} => key not found.
    HKCR\Wow6432Node\CLSID\{F4330669-21DD-4EC9-9229-36A6B961BCE7} => key not found.
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{048D2143-D367-4A45-A69F-DC3A25832DEC} => key not found.
    HKCR\CLSID\{048D2143-D367-4A45-A69F-DC3A25832DEC} => key not found.
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d} => key not found.
    HKCR\CLSID\{35e9438f-19d4-4516-b2ac-59ba9241de4d} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E89E1D3-C66F-41C4-A648-CD91544E99C3} => key not found.
    HKCR\CLSID\{6E89E1D3-C66F-41C4-A648-CD91544E99C3} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value not found.
    HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value not found.
    HKCR\Wow6432Node\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => key not found.
    HKU\S-1-5-21-2892764592-418514559-672794576-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value not found.
    HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => key not found.
    "C:\Users\Phyllis\AppData\Local\Temp\install_temp.exe" => File/Folder not found.
    HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key not found.
    HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found.
    HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key not found.
    HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{803233EC-0D4E-4FC5-B1AB-6AE12D5015E1} => key not found.
    C:\Windows\System32\Tasks\Optimizer Pro Schedule not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8CC2786-A45B-4A1C-AB4D-3BDBBAAA2749} => key not found.
    C:\Windows\System32\Tasks\RunTool not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunTool => key not found.
    EmptyTemp: => 975.4 MB temporary data Removed.


    The system needed a reboot..

    ==== End of Fixlog 19:20:47 ====

    # AdwCleaner v4.207 - Logfile created 02/07/2015 at 19:51:24
    # Updated 21/06/2015 by Xplode
    # Database : 2015-07-02.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Phyllis - FLISS-PC
    # Running from : C:\Users\Phyllis\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found : C:\Program Files (x86)\AOL Toolbar
    Folder Found : C:\ProgramData\AOL Toolbar

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] -
    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:5050
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] -
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:5050
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
    Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
    Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Google Chrome v43.0.2357.130

    [C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    [C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tight3_14_33&cd=2XzuyEtN2Y1L1QzutBtDyCzzzy0D0EyByC0D0D0ByDyBzyyEtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtCtFtDtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2SyD0D0E0BzyyEtCyEtGtAyDyEtCtGyBtAyEzztGtDtB0FtAtGyCyDyBzy0A0C0C0A0FyD0Azy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0F0A0EtDyEyDtGyC0AyD0FtGyE0CtA0DtG0A0EyCzztG0AyDyCtByDtDyCyEtC0AyEtB2Q&cr=1317675576&ir=
    [C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm002^YYA^us&si=COK3wKzAtMACFQ5rfgodtZAAdw&ptb=FCDBCF0F-F543-421E-AAF8-B743328E2503&ind=2014082718&n=780c769e&psa=&st=sb&searchfor={searchTerms}
    [C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://dts.search.ask.com/web?q={searchTerms}&v=1.1_608&d=533_108&apn_ptnrs=%5EAG5&o=APN10644A&tpr=1&gct=hp&ts=1424571128559

    *************************

    AdwCleaner[R0].txt - [11750 bytes] - [02/07/2015 19:32:31]
    AdwCleaner[R1].txt - [3327 bytes] - [02/07/2015 19:51:24]
    AdwCleaner[S0].txt - [10816 bytes] - [02/07/2015 19:35:57]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3446 bytes] ##########

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987

    Default

    You posted the Additional.txt from the first FRST logs that were created.

    Did you allow ADWCleaner to remove/quarantine what it found?

    Were you able to run Malwarebytes?

    How's your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Nov 2014
    Posts
    10

    Default

    Yes, I ran all three items. Malware did clean about 1500 items, and I did run the third one. Had some issues recovering the log for that one.
    Computer runs better, no sign of the ads_everywhere.

    Thanks

    Ed

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987

    Default

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.


    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.


    Please run a free online scan with the ESET Online Scanner

    US Link: http://www.eset.com/us/online-scanner/
    EU Link: http://www.eset.eu/online-scanner/

    Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Under "Current Scan Targets" > click "change" and ensure all your drives are selected
    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Attach the log as a reply to your next reply..
    • Close the ESET online scan, and let me know how things are now.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    Nov 2014
    Posts
    10

    Default

    ESET Run. Log is attached below.

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DealAlly\node\conf.js.vir Win32/UnlimitedDownloads.D potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DealAlly\node\service.exe.vir a variant of Win32/UnlimitedDownloads.F potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DealAlly\node\sys.node.vir a variant of Win32/UnlimitedDownloads.I potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Hoist Search\node\conf.js.vir Win32/UnlimitedDownloads.D potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Hoist Search\node\service.exe.vir a variant of Win32/UnlimitedDownloads.F potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Hoist Search\node\sys.node.vir a variant of Win32/UnlimitedDownloads.I potentially unwanted application
    C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir a variant of MSIL/Adware.PullUpdate.H application
    C:\AdwCleaner\Quarantine\C\Users\Phyllis\AppData\Local\GeniusBox\Client.exe.vir a variant of MSIL/Adware.iBryte.I application
    C:\AdwCleaner\Quarantine\C\Users\Phyllis\AppData\Local\GeniusBox\Tasks.exe.vir a variant of MSIL/Adware.iBryte.X application
    C:\AdwCleaner\Quarantine\C\Users\Phyllis\AppData\Local\GeniusBox\Uninstall.exe.vir a variant of MSIL/Adware.iBryte.X application
    C:\AdwCleaner\Quarantine\C\Users\Phyllis\AppData\Local\GeniusBox\Updater.exe.vir a variant of MSIL/Adware.iBryte.X application
    C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
    C:\Program Files (x86)\Common Files\Cache utility\node\conf.js Win32/UnlimitedDownloads.D potentially unwanted application
    C:\Program Files (x86)\Common Files\Cache utility\node\service.exe a variant of Win32/UnlimitedDownloads.F potentially unwanted application
    C:\Program Files (x86)\Common Files\Cache utility\node\sys.node a variant of Win32/UnlimitedDownloads.I potentially unwanted application
    C:\Program Files (x86)\Common Files\Display settings\node\conf.js Win32/UnlimitedDownloads.D potentially unwanted application
    C:\Program Files (x86)\Common Files\Display settings\node\service.exe a variant of Win32/UnlimitedDownloads.F potentially unwanted application
    C:\Program Files (x86)\Common Files\Display settings\node\sys.node a variant of Win32/UnlimitedDownloads.I potentially unwanted application
    C:\Users\Phyllis\Downloads\MapsSetup.exe NSIS/TrojanDownloader.Adload.AD trojan
    C:\Users\Phyllis\Downloads\setup.exe Win32/Systweak.K potentially unwanted application

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987

    Default

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files (x86)\Common Files\Cache utility\node\conf.js
    C:\Program Files (x86)\Common Files\Cache utility\node\service.exe
    C:\Program Files (x86)\Common Files\Cache utility\node\sys.node
    C:\Program Files (x86)\Common Files\Display settings\node\conf.js
    C:\Program Files (x86)\Common Files\Display settings\node\service.exe
    C:\Program Files (x86)\Common Files\Display settings\node\sys.node
    C:\Users\Phyllis\Downloads\MapsSetup.exe
    C:\Users\Phyllis\Downloads\setup.exe
    EmptyTemp:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Please post this log when finished.

    How's your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Junior Member
    Join Date
    Nov 2014
    Posts
    10

    Default

    Ran software as directed, results from Fixlog attached.
    Computer is running much better with the ads gone.
    Many thanks for you help.



    Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
    Ran by Phyllis at 2015-07-05 09:12:35 Run:3
    Running from C:\Users\Phyllis\Desktop
    Loaded Profiles: Phyllis (Available Profiles: Phyllis)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files (x86)\Common Files\Cache utility\node\conf.js
    C:\Program Files (x86)\Common Files\Cache utility\node\service.exe
    C:\Program Files (x86)\Common Files\Cache utility\node\sys.node
    C:\Program Files (x86)\Common Files\Display settings\node\conf.js
    C:\Program Files (x86)\Common Files\Display settings\node\service.exe
    C:\Program Files (x86)\Common Files\Display settings\node\sys.node
    C:\Users\Phyllis\Downloads\MapsSetup.exe
    C:\Users\Phyllis\Downloads\setup.exe
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\Program Files (x86)\Common Files\Cache utility\node\conf.js => moved successfully.
    C:\Program Files (x86)\Common Files\Cache utility\node\service.exe => moved successfully.
    C:\Program Files (x86)\Common Files\Cache utility\node\sys.node => moved successfully.
    C:\Program Files (x86)\Common Files\Display settings\node\conf.js => moved successfully.
    C:\Program Files (x86)\Common Files\Display settings\node\service.exe => moved successfully.
    C:\Program Files (x86)\Common Files\Display settings\node\sys.node => moved successfully.
    C:\Users\Phyllis\Downloads\MapsSetup.exe => moved successfully.
    C:\Users\Phyllis\Downloads\setup.exe => moved successfully.
    EmptyTemp: => 187.7 MB temporary data Removed.


    The system needed a reboot..

    ==== End of Fixlog 09:13:24 ====

  10. #10
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987

    Default

    Your good to go!

    DelFix
    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Click the Run button.
    • -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


    ~~~~~~


    The following programmes come highly recommended in the security community.
    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secuina PSI will scan your computer for vulnerable softwarethat is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


    Want to help others? Join the ClassRoom and learn how.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •