
Random blank pop ups


  • This topic is locked
60 replies to this topic

#1 foofighter1971

foofighter1971

  • Members
  • 57 posts

Posted 14 March 2015 - 12:10 PM

My computer is experiencing frequent pop ups. I am not able to tell if there is anything I am doing that triggers it. If I restart, one of the blank pop up windows appears immediately after Windows starts. I have tried running Malwarebytes Anti-Malware and Spybot (which from what I have now read may not be the best program to use) to no avail. The pop up is a blank window with - javascript:"\..mshtml.RUNHTMLapplication... - at the top of the window. I am running Windows.




 


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts

Posted 19 March 2015 - 02:25 PM

Hello foofighter1971, and welcome to Bleeping Computer! :thumbsup:

First of all, we apologize for not replying to your topic sooner! The forum can get busy at times, and the plain truth is that there are many more people who need help, than there are helpers to go around. ...But now that I've taken your topic, I'm going to stay with you until the end! :)

==========

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:
  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!
==========

Just to let you know, I have moved this topic to the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay. This is so that we can get all the proper logs posted without any issues. :wink:

====================

Okay, now let's get down to business! :)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

bloopie

#3 foofighter1971


Posted 20 March 2015 - 07:36 AM

Thank you for the reply - I will get started tonight after work.



#4 bloopie


Posted 20 March 2015 - 02:51 PM

No problem, and take your time...I may not get to analyze the logs until tomorrow, but you can post them whenever you're ready. :thumbup2:

 

bloopie



#5 foofighter1971


Posted 20 March 2015 - 09:58 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Groskreutz Dell (administrator) on GROSKREUTZDELL on 20-03-2015 21:52:38
Running from C:\Users\Groskreutz Dell\Downloads
Loaded Profiles: Groskreutz Dell (Available profiles: UpdatusUser & Groskreutz Dell)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Users\Groskreutz Dell\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-26] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7284328 2011-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2011-08-29] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2014-05-12] (Greenshot)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [76872 2012-03-27] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14848 2007-12-11] (IBM Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-11] (Power Software Ltd)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ivijios-x32: C:\Users\Groskreutz Dell\AppData\Local\ivijios.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [Fitbit Service Monitor] => C:\Program Files (x86)\Fitbit\fitbit-tray.exe [2177056 2012-04-11] (Fitbit, Inc.)
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [Google Update] => C:\Users\Groskreutz Dell\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-15] (Google Inc.)
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938112 2014-09-22] (Valve Corporation)
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [GoToAssist Remote Support Expert] => C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\594\g2ax_start.exe [610376 2013-12-13] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [Spotify Web Helper] => C:\Users\Groskreutz Dell\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-14] (Spotify Ltd)
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [Amazon Music] => C:\Users\Groskreutz Dell\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-02-27] ()
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5105288 2014-10-15] (Plex, Inc.)
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [suxwysoaw] => regsvr32.exe /s "C:\Users\Groskreutz Dell\AppData\Local\The Lord of the Rings Online\suxwysoaw.dll" <===== ATTENTION
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [ivijios] => rundll32 "C:\Users\Groskreutz Dell\AppData\Local\ivijios.dll",ivijios <===== ATTENTION
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [VoleReqz] => regsvr32.exe "C:\ProgramData\VoleReqz\VoleReqz.dat"
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [Svc2dll] => C:\Users\Groskreutz Dell\AppData\Local\svcxdcl32.exe
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [LarvaKwulu] => regsvr32.exe "C:\ProgramData\LarvaKwulu\LarvaKwulu.dat"
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [DellSystemDetect] => C:\Users\Groskreutz Dell\AppData\Local\Apps\2.0\5DWL199K.LKT\HCLPBTA2.GGZ\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-11-01] (Dell)
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\RunOnce: [Uninstall C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\RunOnce: [Uninstall C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\MountPoints2: I - I:\Autorun.exe
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~2\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\AmazonSmile1ButtonApp\AmazonSmileExtIE64.dll [155648 2014-02-03] (Amazon Inc.)
AppInit_DLLs: , C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-05-23] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~2\\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\AmazonSmile1ButtonApp\\AmazonSmileExtIE.dll [140288 2014-02-03] (Amazon Inc.)
AppInit_DLLs-x32: , c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [205184 2013-03-15] (NVIDIA Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2992228244-1796215829-932547055-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2992228244-1796215829-932547055-1002] => http=127.0.0.1:59089;https=127.0.0.1:59089
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM -> DefaultScope {D4D60379-D8AE-4C6A-B2BC-8CFA35743316} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {D4D60379-D8AE-4C6A-B2BC-8CFA35743316} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D4D60379-D8AE-4C6A-B2BC-8CFA35743316} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {D4D60379-D8AE-4C6A-B2BC-8CFA35743316} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2992228244-1796215829-932547055-1002 -> {C4EF8B7E-968B-4166-B8CC-3F0AAB229E28} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120622184537.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
BHO-x32: No Name -> {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622184537.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-2992228244-1796215829-932547055-1002 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-2992228244-1796215829-932547055-1002 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {A2EBA59E-C601-4AE3-900B-6B61F29500BE} https://widow1.factualdata.com/ocx/print3.ocx
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-07-27] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-11-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: @nds.com/PCShowPlugin -> C:\Users\Groskreutz Dell\AppData\Local\DIRECTV Player\npPCShowPlugin.dll [2012-04-02] (NDS)
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: @nds.com/PlayerPlugin -> C:\Users\Groskreutz Dell\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2012-04-02] (NDS)
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Groskreutz Dell\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: @talk.google.com/O1DPlugin -> C:\Users\Groskreutz Dell\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Groskreutz Dell\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Groskreutz Dell\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Groskreutz Dell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Groskreutz Dell\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll [2013-06-07] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Groskreutz Dell\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2014-09-01] (Nagravision)
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: NDS.com/PlayerPlugin -> C:\Users\Groskreutz Dell\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2012-04-02] (NDS)
FF Plugin ProgramFiles/Appdata: C:\Users\Groskreutz Dell\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Groskreutz Dell\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-14]
CHR Extension: (Google Cast) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-05]
CHR Extension: (YouTube theme: sand) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhmlakbmfkhpdceldddfefloboeehoo [2014-08-01]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-05-05]
CHR Extension: (Voice Messenger Web) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfjllgocpapeahmekdlcjfnnmimjlbk [2013-12-15]
CHR Extension: (Plex) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2014-05-05]
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2014-12-07]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2014-11-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (No Name) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-07-28] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [242448 2012-03-27] (CyberLink)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 Fitbit; C:\Program Files (x86)\Fitbit\fitbit.exe [770080 2012-04-11] (Fitbit, Inc.) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [288768 2011-10-10] (Intel Corporation) [File not signed]
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-10-11] (Intel Corporation) [File not signed]
S3 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-03-15] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [122472 2011-06-12] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-20 21:52 - 2015-03-20 21:53 - 00039909 _____ () C:\Users\Groskreutz Dell\Downloads\FRST.txt
2015-03-20 21:52 - 2015-03-20 21:52 - 00000000 ____D () C:\FRST
2015-03-20 21:51 - 2015-03-20 21:51 - 02095616 _____ (Farbar) C:\Users\Groskreutz Dell\Downloads\FRST64 (2).exe
2015-03-20 21:51 - 2015-03-20 21:51 - 02095616 _____ (Farbar) C:\Users\Groskreutz Dell\Downloads\FRST64 (1).exe
2015-03-20 21:50 - 2015-03-20 21:51 - 02095616 _____ (Farbar) C:\Users\Groskreutz Dell\Downloads\FRST64.exe
2015-03-19 06:13 - 2015-03-19 06:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6
2015-03-16 06:16 - 2015-03-16 06:16 - 00000000 ____D () C:\Users\Groskreutz Dell\AppData\Local\Wide_Angle_Software
2015-03-15 15:41 - 2015-03-19 06:09 - 00000000 ____D () C:\Users\Groskreutz Dell\AppData\Local\Wide Angle Software
2015-03-15 15:40 - 2015-03-15 15:40 - 00002631 _____ () C:\Users\Public\Desktop\Tune Sweeper.lnk
2015-03-15 15:40 - 2015-03-15 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wide Angle Software
2015-03-15 15:40 - 2015-03-15 15:40 - 00000000 ____D () C:\Program Files (x86)\Wide Angle Software
2015-03-15 15:38 - 2015-03-15 15:39 - 06484992 _____ () C:\Users\Groskreutz Dell\Downloads\TuneSweeper4.msi
2015-03-12 20:58 - 2015-03-20 07:25 - 00229888 _____ () C:\Users\Groskreutz Dell\Documents\bills 7-23-07 (Autosaved) (Autosaved) (Autosaved) (Autosaved) (Autosaved).xls
2015-03-11 06:47 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 06:47 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 06:47 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 06:47 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 06:47 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 06:47 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 06:47 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 06:47 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 06:47 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 06:47 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 06:47 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 06:47 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 06:47 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 06:47 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 06:47 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 06:47 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 06:47 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 06:47 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 06:47 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 06:47 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 06:47 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 06:47 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 06:47 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 06:47 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 06:47 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 06:47 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 06:47 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 06:47 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 06:47 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 06:47 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 06:47 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 06:47 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 06:47 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 06:47 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 06:47 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 06:47 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 06:47 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 06:47 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 06:47 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 06:47 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 06:47 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 06:47 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 06:47 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 06:47 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 06:47 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 06:46 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 06:46 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 06:46 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 06:46 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 06:46 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 06:46 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 06:46 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 06:46 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 06:46 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 06:46 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 06:46 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 06:46 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 06:46 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 06:46 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 06:46 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 06:46 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 06:46 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 06:46 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 06:46 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 06:46 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 06:46 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 06:46 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 06:46 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 06:46 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 06:46 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 06:46 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 06:46 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 06:46 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 06:46 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 06:46 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 06:46 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 06:46 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 06:46 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 06:46 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 06:46 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 06:46 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 06:46 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 06:46 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 06:46 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 06:46 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 06:46 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 06:46 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 06:46 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 06:46 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 06:46 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 06:46 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 06:46 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 06:46 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 06:46 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 06:46 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 06:46 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 06:46 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 06:46 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 06:46 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 06:46 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 06:46 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 06:46 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 06:46 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 06:46 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 06:46 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 06:46 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 06:46 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 06:46 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 06:46 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 06:46 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 06:46 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 06:46 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 06:46 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 06:46 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 06:46 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 06:46 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 06:46 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 06:46 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 06:46 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 06:46 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 06:46 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 06:46 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 06:46 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 06:46 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 06:46 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 06:46 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 06:46 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 06:46 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 06:46 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 06:46 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 06:46 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 06:46 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 06:46 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 06:46 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 06:46 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 06:46 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 06:46 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 06:46 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 06:46 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 06:46 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 06:46 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 06:46 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 06:44 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 06:44 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-04 14:05 - 2015-03-04 14:06 - 15621448 _____ (Ventis Media Inc. ) C:\Users\Groskreutz Dell\Downloads\MediaMonkey_4.1.6.1736.exe
2015-03-03 16:51 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 16:51 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 16:51 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 16:51 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 13:27 - 2015-03-02 13:27 - 00002531 _____ () C:\Users\Public\Desktop\TurboTax 2014.lnk
2015-03-02 13:27 - 2015-03-02 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-02-26 04:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 04:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-22 16:16 - 2015-02-22 16:16 - 00639400 _____ (Oracle Corporation) C:\Users\Groskreutz Dell\Downloads\chromeinstall-8u31.exe
2015-02-21 12:58 - 2015-02-21 12:58 - 00001715 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-21 12:58 - 2015-02-21 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-21 12:57 - 2015-02-21 12:58 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-21 12:57 - 2015-02-21 12:58 - 00000000 ____D () C:\Program Files\iTunes
2015-02-21 12:57 - 2015-02-21 12:57 - 00000000 ____D () C:\Program Files\iPod
2015-02-21 12:57 - 2015-02-21 12:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-20 21:13 - 2012-01-29 13:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 21:11 - 2012-01-27 17:20 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2992228244-1796215829-932547055-1002UA.job
2015-03-20 21:09 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 21:09 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 21:04 - 2012-01-03 00:00 - 01408849 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 21:03 - 2012-04-09 20:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 20:11 - 2012-01-27 17:20 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2992228244-1796215829-932547055-1002Core.job
2015-03-20 20:10 - 2012-01-02 22:40 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-20 20:09 - 2015-02-11 11:09 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-20 12:13 - 2012-01-29 13:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 07:11 - 2012-01-19 12:58 - 00000000 ____D () C:\Users\Groskreutz Dell\Documents\TurboTax
2015-03-19 06:20 - 2009-07-14 00:13 - 00819184 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 06:14 - 2012-01-02 22:45 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-03-19 06:14 - 2012-01-02 22:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-03-19 06:13 - 2012-01-02 23:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-19 06:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 06:13 - 2009-07-13 23:51 - 00189268 _____ () C:\Windows\setupact.log
2015-03-18 20:28 - 2010-11-20 22:47 - 00536684 _____ () C:\Windows\PFRO.log
2015-03-18 06:36 - 2013-10-22 19:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-15 20:53 - 2014-08-24 12:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-15 20:42 - 2009-07-14 00:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-15 20:41 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-15 13:42 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-12 04:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 03:34 - 2009-07-13 23:45 - 00496904 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 03:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 03:10 - 2013-08-01 20:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:02 - 2012-01-18 22:54 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-09 13:48 - 2015-02-12 09:41 - 00229888 _____ () C:\Users\Groskreutz Dell\Documents\bills 7-23-07 (Autosaved) (Autosaved) (Autosaved) (Autosaved).xls
2015-03-09 07:00 - 2013-05-21 08:37 - 00010974 _____ () C:\Users\Groskreutz Dell\Documents\vermilion.xlsx
2015-03-07 16:50 - 2012-07-04 13:33 - 00000000 ____D () C:\Program Files (x86)\Handbrake
2015-03-06 09:06 - 2012-07-14 07:32 - 00000000 ____D () C:\Users\Groskreutz Dell\AppData\Roaming\vlc
2015-03-06 09:06 - 2012-07-04 13:02 - 00000000 ____D () C:\Users\Groskreutz Dell\AppData\Roaming\HandBrake
2015-03-04 04:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-03-02 13:28 - 2012-01-19 12:54 - 00001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-02 13:26 - 2012-01-19 12:36 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-02-24 04:17 - 2010-11-20 22:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 14:49 - 2014-06-25 07:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 12:57 - 2012-01-07 16:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
 
==================== Files in the root of some directories =======
 
2012-04-01 16:38 - 2012-04-14 08:46 - 0000462 _____ () C:\Users\Groskreutz Dell\AppData\Roaming\Rim.Desktop.Exception.log
2012-04-01 16:38 - 2012-04-01 16:38 - 0001153 _____ () C:\Users\Groskreutz Dell\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-04-01 16:38 - 2012-04-14 08:46 - 0000462 _____ () C:\Users\Groskreutz Dell\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-09 03:49 - 2014-11-09 03:49 - 0000448 ____H () C:\Users\Groskreutz Dell\AppData\Roaming\麽鎒駓覜
2012-01-09 16:26 - 2014-02-23 20:19 - 0070144 ____H () C:\Users\Groskreutz Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-04 10:29 - 2012-11-04 10:29 - 0000103 ____H () C:\Users\Groskreutz Dell\AppData\Local\fusioncache.dat
2014-05-05 21:26 - 2014-05-05 21:26 - 1745608 ____H (AnyProtect.com) C:\Users\Groskreutz Dell\AppData\Local\nsgFF05.tmp
2014-11-09 03:49 - 2014-11-09 10:58 - 0000424 _____ () C:\ProgramData\@system.temp
2014-11-09 03:50 - 2014-11-09 10:59 - 0000160 ____H () C:\ProgramData\@system3.att
2012-01-19 12:54 - 2015-03-02 13:28 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Groskreutz Dell\g2ax_expert_downloadhelper_win32_x86.exe
 
 
Some content of TEMP:
====================
C:\Users\Groskreutz Dell\AppData\Local\Temp\2EB4.exe
C:\Users\Groskreutz Dell\AppData\Local\Temp\APNSetup.exe
C:\Users\Groskreutz Dell\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Groskreutz Dell\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Groskreutz Dell\AppData\Local\Temp\Quarantine.exe
C:\Users\Groskreutz Dell\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Groskreutz Dell\AppData\Local\Temp\sqlite3.dll
C:\Users\Groskreutz Dell\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\fnzavqh.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 00:36
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Groskreutz Dell at 2015-03-20 21:53:34
Running from C:\Users\Groskreutz Dell\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Akamai NetSession Interface (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon)
Amazon Cloud Drive (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
AmazonSmile 1Button App (HKLM-x32\...\{D775E291-9D15-4AAE-B75C-ECBD32B82B86}) (Version: 1.0.0 - Amazon)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.3 - BitRaider, LLC)
BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.36 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36 - Research In Motion Ltd.) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Blurity version 1.5.171 (HKLM-x32\...\{E296676F-4FE5-42B8-AF08-014D274EA1A1}_is1) (Version: 1.5.171 - Nesota LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Botanicula (HKLM-x32\...\Steam App 207690) (Version:  - Amanita Design)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series User Registration (HKLM-x32\...\Canon MG5300 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Catalina Savings Printer (HKLM\...\{21C069A6-6934-4EF1-92C9-CC6CFF1416A0}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Cisco AnyConnect VPN Client (HKLM-x32\...\{92083A9A-549D-4057-88E8-223EA08563FA}) (Version: 2.4.1012 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.5127 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
Dell System Detect Bootstrapper (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\8e3135b376bd523e) (Version: 5.1.0.41 - Dell)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
DIRECTV Player (HKLM-x32\...\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}) (Version: 4.00 - DIRECTV)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DISH Anywhere Video Player (HKLM-x32\...\{80940219-E895-4311-B541-3FB8E7AFD392}) (Version: 2.18.0 - DISH Anywhere)
DISH Anywhere Video Player Installer (x32 Version: 0.0.0.42 - Sling Media) Hidden
DishAnywhereDesktop (HKLM-x32\...\{08a64f52-18b8-47f8-a98c-ada6d5696dca}) (Version: 0.0.0.42 - Sling Media)
DraftDominator Version 15.0j (HKLM-x32\...\DraftDominator_is1) (Version:  - )
DVD43 Plug-in v1.0.0.5 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ffdshow v1.2.4475 [2012-07-12] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4475.0 - )
Fitbit Base Station (Driver Removal) (HKLM-x32\...\FITBIT&10C4&84C4) (Version:  - Fitbit)
Fitbit Connect (HKLM-x32\...\{6A7C2B2E-36A3-4EF5-96C6-708CD090A3AD}) (Version: 1.0.1.5127 - Fitbit Inc.)
Fitbit v2.1.0.8 (HKLM-x32\...\Fitbit Data Uploader_is1) (Version: 2.1.0.8 - Fitbit, Inc.)
Flixster (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\404b9336c7552828) (Version: 1.9.0.205 - Flixster)
GameRanger (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\GameRanger) (Version:  - GameRanger Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GoToAssist Expert 1.6.0.594 (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\GoToAssist Remote Support Expert) (Version: 1.6.0.594 - Citrix Online)
Greenshot 1.1.9.13 (HKLM\...\Greenshot_is1) (Version: 1.1.9.13 - Greenshot)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
IBM System i Access for Windows V6R1M0 (HKLM\...\{164EB883-354E-4290-AD76-67CEE65403A3}) (Version: 06.01.0001 - IBM)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LineupDominator Version 10.0a Full (HKLM-x32\...\LineupDominator_is1) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvel Puzzle Quest: Dark Reign (HKLM-x32\...\Steam App 234330) (Version:  - )
Mask of Eternity (HKLM-x32\...\Mask of Eternity) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.8 - McAfee, Inc.)
McPixel (HKLM-x32\...\Steam App 220860) (Version:  - Sos)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MFL Import Version 5.0a (HKLM-x32\...\MFL Import_is1) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nuclear Throne (HKLM-x32\...\Steam App 242680) (Version:  - Vlambeer)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{5ea93dc7-0906-47a6-8033-d26ed443f0a8}) (Version: 0.9.1101 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1101 - Plex, Inc.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.54.0 - PS3 Media Server)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.22 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Self-service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SlingPlayer for Web (HKLM-x32\...\{46994DA0-6572-4A02-9354-FC49ACE8C104}) (Version: 2.4.089 - Sling Media)
Smilebox (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
Spotify (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars Galactic Battlegrounds: Saga (HKLM-x32\...\{10133CDD-50B9-4783-B336-8B48F3653715}) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.22.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version:  - Arrowhead Game Studios)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version:  - Mike Bithell)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Tune Sweeper 4 (HKLM-x32\...\{3D4B1A4E-F0F4-438D-9DCE-5CBBFD9277F7}) (Version: 4.06 - Wide Angle Software)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.1.5 - Vudu)
VUDU To Go (x32 Version: 2.1.5 - Vudu) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
XBMC (HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\XBMC) (Version:  - Team XBMC)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{caffac23-bb21-4945-8574-40cf5a940ad0}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll (Catalina Marketing Corporation)
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
12-03-2015 03:00:14 Windows Update
15-03-2015 15:39:55 Installed Tune Sweeper 4
17-03-2015 03:46:56 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01FA0D8B-8769-4328-8D06-006A22BDC0ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {1403808F-4CD4-46D0-A14F-360FCFC80ABC} - System32\Tasks\{D880F4CC-ACBE-2CB3-D4BC-08CBCA2346B4} => C:\Windows\system32\unidar.dll/s "C:\Windows\system32\unidar.dll"
Task: {1737FFC2-0730-40BF-90AC-AAA506FABE95} - System32\Tasks\{EB625D00-F8C4-41A7-81D2-A9F94DD5A420} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.124.259/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {1AB07B3D-EE4D-4D6D-AC1E-99F9927F3DDF} - System32\Tasks\{C416F941-F3FE-4B80-8DDA-F6E6B071AD9A} => C:\Users\Groskreutz Dell\AppData\Roaming\Smilebox\SmileboxStarter.exe [2012-09-04] (Smilebox, Inc.)
Task: {3A12E4CB-A85A-49F6-A848-FCE6A42767E8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {436FABFC-4810-4B20-B174-4555E95C6AB6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {49487C15-3C47-4379-A073-5AF187AC46C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2992228244-1796215829-932547055-1002Core => C:\Users\Groskreutz Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {5D830F39-EFB3-439B-92FB-58FEFAF59574} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {5DDA1A2B-DA8F-43D4-9BF7-8B0DA78AF0D5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {5EDFD28B-5521-442B-A6AC-9CEA42FEACB8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6E0DBBBA-3AE7-47B3-9A35-B4B37078B72D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {7E229A0F-1DCA-4804-92D9-A4BD61770D22} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {890A3897-25B8-4E2E-9D81-55E08C30A974} - System32\Tasks\Amazon Music Helper => C:\Users\Groskreutz Dell\AppData\Local\Amazon Music\Amazon Music Helper.exe [2015-02-27] ()
Task: {9297C52C-25E1-48B0-913B-72E8E428332A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {93ED4B7E-FE86-46B1-92C0-D55A36603713} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2992228244-1796215829-932547055-1002UA => C:\Users\Groskreutz Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {997F4A38-DBB1-4962-A64A-ECAB5E29102D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {A2A6F623-58EE-47A5-B3AA-31D6252D70BB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A918D1EC-C046-402C-862B-B69E00F2EBE4} - System32\Tasks\{7ACCBB13-1FFB-4492-810E-C1622984C3B4} => pcalua.exe -a "C:\Users\Groskreutz Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSOPZPX9\GameRangerSetup.exe" -d "C:\Users\Groskreutz Dell\Desktop"
Task: {AD8B13A0-BD9B-4569-873E-A7C377563D14} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B7315D19-29BA-4F48-BD06-AEE418F816C3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {BA39C128-1A57-4191-8BDB-2ED0407FB73B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {BC110D03-1521-4486-AC88-F2270182AFED} - System32\Tasks\{D4DF297C-5DA8-4012-800C-B542F1C22337} => C:\Users\Groskreutz Dell\AppData\Roaming\Smilebox\SmileboxStarter.exe [2012-09-04] (Smilebox, Inc.)
Task: {BE282893-F763-4060-80EE-BFCA21007709} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {C0601E43-395B-4570-BCD0-22634EF10D3D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {D340F70F-0FFD-44C7-843A-A5640C2331D0} - System32\Tasks\{A2F4C12E-3EF9-4656-BB9C-206EF85CE5D6} => C:\Users\Groskreutz Dell\AppData\Roaming\Smilebox\SmileboxStarter.exe [2012-09-04] (Smilebox, Inc.)
Task: {DC5D2E0A-12F1-4C20-BB39-767B6C35447A} - System32\Tasks\{7F79C3C0-F79C-4089-A378-8C1A5DEB1240} => C:\Users\Groskreutz Dell\AppData\Roaming\Smilebox\SmileboxStarter.exe [2012-09-04] (Smilebox, Inc.)
Task: {E9534D31-CAC4-458C-9752-6CAF05002E7F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {EE3EEF1B-D185-4A67-9735-8EB3770E21DC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2992228244-1796215829-932547055-1002Core.job => C:\Users\Groskreutz Dell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2992228244-1796215829-932547055-1002UA.job => C:\Users\Groskreutz Dell\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-04-15 11:36 - 2013-03-14 23:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-09-15 18:46 - 2011-09-15 18:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-07 08:57 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-18 06:34 - 2015-01-27 10:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-06-14 12:02 - 2015-02-27 17:44 - 05886272 ____H () C:\Users\Groskreutz Dell\AppData\Local\Amazon Music\Amazon Music Helper.exe
2012-01-02 23:22 - 2011-07-19 17:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-02 22:26 - 2010-12-17 11:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-09-15 18:46 - 2011-09-15 18:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-01-02 22:41 - 2011-09-22 11:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-01-20 23:35 - 2015-01-20 23:35 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-08-24 12:53 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-24 12:53 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-24 12:53 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-18 06:34 - 2015-01-27 09:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-03-11 14:19 - 2015-03-07 01:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-11 14:19 - 2015-03-07 01:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-11 14:19 - 2015-03-07 01:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-11 14:19 - 2015-03-07 01:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Groskreutz Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.10.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2992228244-1796215829-932547055-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2992228244-1796215829-932547055-1005 - Limited - Enabled)
Groskreutz Dell (S-1-5-21-2992228244-1796215829-932547055-1002 - Administrator - Enabled) => C:\Users\Groskreutz Dell
Guest (S-1-5-21-2992228244-1796215829-932547055-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2992228244-1796215829-932547055-1007 - Limited - Enabled)
UpdatusUser (S-1-5-21-2992228244-1796215829-932547055-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/20/2015 02:48:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997
 
Error: (03/20/2015 02:48:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997
 
Error: (03/20/2015 02:48:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/20/2015 02:48:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
 
Error: (03/20/2015 02:48:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
 
Error: (03/20/2015 02:48:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/19/2015 11:38:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/19/2015 11:38:08 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (03/19/2015 11:37:38 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/19/2015 02:25:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5148
 
 
System errors:
=============
Error: (03/20/2015 08:09:45 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
 
Error: (03/19/2015 08:51:54 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (03/19/2015 06:17:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (03/19/2015 06:17:29 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (03/19/2015 06:15:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (03/19/2015 06:15:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (03/19/2015 06:15:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (03/19/2015 06:14:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (03/19/2015 06:14:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (03/19/2015 06:07:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (03/20/2015 02:48:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997
 
Error: (03/20/2015 02:48:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997
 
Error: (03/20/2015 02:48:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/20/2015 02:48:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
 
Error: (03/20/2015 02:48:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
 
Error: (03/20/2015 02:48:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/19/2015 11:38:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe
 
Error: (03/19/2015 11:38:08 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (03/19/2015 11:37:38 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (03/19/2015 02:25:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5148
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 8086.17 MB
Available physical RAM: 5116.88 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 12397.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:105.25 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:326.79 GB) NTFS
Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:402.79 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8BF6178C)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: C64C6F99)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

I do not have the Windows CD/DVD.  Thanks.



#6 bloopie

  • Malware Response Team

Posted 21 March 2015 - 11:23 AM

Hello again,
 
The help is my pleasure! :thumbup2:
 
Your machine is infected with Poweliks, one of the latest malware vectors that doesn't actually use files/folders. This infection exists only in the registry, and runs from there as well. In addition to Poweliks, there is quite a bit of other malware residing on your system (an open proxy, many malware files loading, many loading points, etc.)...but not to worry, this is all fixable!

 

I would suggest that you back up any important files you need to save before you continue, just in case. I'm not expecting you to lose anything at all, but this is just to be careful because on very rare occasions, things can go wrong.
 
Also, you may want to make sure FRST64.exe is located on the Desktop. The fixlist you're going to download and save (in step 2 below) must be saved in the same location as FRST64.exe.

From your log:

2015-03-20 21:51 - 2015-03-20 21:51 - 02095616 _____ (Farbar) C:\Users\Groskreutz Dell\Downloads\FRST64 (2).exe
2015-03-20 21:51 - 2015-03-20 21:51 - 02095616 _____ (Farbar) C:\Users\Groskreutz Dell\Downloads\FRST64 (1).exe
2015-03-20 21:50 - 2015-03-20 21:51 - 02095616 _____ (Farbar) C:\Users\Groskreutz Dell\Downloads\FRST64.exe

It looks like you downloaded FRST a few times and they're all in the Downloads folder...and FRST is also being run from the Downloads folder (also from your log):

Running from C:\Users\Groskreutz Dell\Downloads

 
So you can either download the fixlist to the Downloads folder and keep going back to that for using this tool...or you can move a copy of FRST64.exe to the desktop, and it will be easily found that way and easily removed once we're done with the cleaning. :wink:  Once you move FRST64.exe to the desktop, you may also remove the ones found in the Downloads folder.
 
Okay, now let's move on to phase one of removal! :)
 
==========
 
Step 1

Warning!!:
 
I do not see an antivirus program running on your computer! I would highly suggest you run an antivirus program, but this must wait until we remove the malware from your system first.
 
I will let you know when it's time to install one, and I will provide you with some suggestions (including free antivirus suggestions). :wink:
 
==========

Step 2

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File: fixlist.txt (17.81KB)
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

Step 3

I see you have Malwarebytes Anti-Malware (aka MBAM) installed on your computer. Please update MBAM, run a HyperScan, then post the resultant log in your next reply.

==========
 

In your next reply, please include the following:

  • The Fixlog.txt from FRST
  • The MBAM log
  • Please let me know how the computer is running after the above fixes!!

bloopie
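The registry-only persistence described in the reply above appears in the poster's FRST log as a `localserver32` value that holds a `rundll32.exe javascript:` command instead of a path to a file, and the same CLSID shows up in a DCOM EventID 10010 error. The following triage script is an added example, not part of the thread and not FRST's own code: the function names are hypothetical, and the sample lines are constructed from the log format shown in this thread (user name shortened to `User`).

```python
import re

# Constructed sample in the shape of the FRST output posted in this thread.
# The data value is truncated by FRST itself ("the data entry has N more characters").
SAMPLE_LOG = r'''
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Error: (03/19/2015 06:15:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
'''

# "CustomCLSID: <key>\CLSID\{guid}\<server type> -> <registry data>"
CLSID_LINE = re.compile(
    r'^CustomCLSID:\s+.+?\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})'
    r'\\(?P<server>\w+)\s+->\s+(?P<data>.*)$')

# A COM server value should name a binary; here it runs script through mshtml.
SCRIPT_HANDLER = re.compile(
    r'rundll32(?:\.exe)?\s+javascript:.*?mshtml\s*,\s*RunHTMLApplication', re.I)

# The eval() argument, up to its closing quote or FRST's truncation note.
EVAL_ARG = re.compile(r'eval\("(.+?)(?:"\)|\s\(the data entry has)')

CLSID_ANY = re.compile(r'\{[0-9A-Fa-f-]{36}\}')


def shift_decode(fragment):
    """Shift every character down by one code point.

    Applied to the fragment visible in this log, this yields readable script text.
    """
    return ''.join(chr(ord(c) - 1) for c in fragment)


def dcom_10010_clsids(lines):
    """CLSIDs named in DCOM EventID 10010 errors (COM server failed to register in time)."""
    found = set()
    for i, line in enumerate(lines[:-1]):
        if 'Source: DCOM' in line and 'EventID: 10010' in line:
            found.update(c.upper() for c in CLSID_ANY.findall(lines[i + 1]))
    return found


def triage(log):
    """Return one finding per CustomCLSID entry whose handler is a script command."""
    lines = [ln.strip() for ln in log.splitlines()]
    failed = dcom_10010_clsids(lines)
    findings = []
    for line in lines:
        m = CLSID_LINE.match(line)
        if not m or not SCRIPT_HANDLER.search(m['data']):
            continue
        frag = EVAL_ARG.search(m['data'])
        clsid = m['clsid'].upper()  # the log mixes upper and lower case hex
        findings.append({
            'clsid': clsid,
            'server': m['server'],
            'decoded_preview': shift_decode(frag.group(1)) if frag else None,
            'dcom_10010': clsid in failed,
        })
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The DCOM correlation is a useful cross-check: the event log names the same CLSID that the registry listing flags, so either source can lead a responder to the other.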



#7 foofighter1971

  • Topic Starter

Posted 21 March 2015 - 12:40 PM

I have both the FRST64.exe file and fixlist.txt files on my desktop.  Before I run FRST64.exe, is this correct? 



#8 bloopie

  • Malware Response Team

Posted 21 March 2015 - 02:01 PM

Yes, that is correct. :wink:

You may go ahead with the fix.

bloopie

#9 foofighter1971

  • Topic Starter

Posted 21 March 2015 - 05:54 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Groskreutz Dell at 2015-03-21 17:28:52 Run:1
Running from C:\Users\Groskreutz Dell\Desktop
Loaded Profiles: Groskreutz Dell (Available profiles: UpdatusUser & Groskreutz Dell)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
CreateRestorePoint:
RemoveProxy:
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\ivijios-x32: C:\Users\Groskreutz Dell\AppData\Local\ivijios.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [suxwysoaw] => regsvr32.exe /s "C:\Users\Groskreutz Dell\AppData\Local\The Lord of the Rings Online\suxwysoaw.dll" <===== ATTENTION
C:\Users\Groskreutz Dell\AppData\Local\The Lord of the Rings Online\suxwysoaw.dll
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [ivijios] => rundll32 "C:\Users\Groskreutz Dell\AppData\Local\ivijios.dll",ivijios <===== ATTENTION
C:\Users\Groskreutz Dell\AppData\Local\ivijios.dll
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [VoleReqz] => regsvr32.exe "C:\ProgramData\VoleReqz\VoleReqz.dat"
C:\ProgramData\VoleReqz\VoleReqz.dat
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [Svc2dll] => C:\Users\Groskreutz Dell\AppData\Local\svcxdcl32.exe
C:\Users\Groskreutz Dell\AppData\Local\svcxdcl32.exe
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [LarvaKwulu] => regsvr32.exe "C:\ProgramData\LarvaKwulu\LarvaKwulu.dat"
C:\ProgramData\LarvaKwulu\LarvaKwulu.dat
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\Run: [DellSystemDetect] => C:\Users\Groskreutz Dell\AppData\Local\Apps\2.0\5DWL199K.LKT\HCLPBTA2.GGZ\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-11-01] (Dell)
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\RunOnce: [Uninstall C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\RunOnce: [Uninstall C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112
C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...\MountPoints2: I - I:\Autorun.exe
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2992228244-1796215829-932547055-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2992228244-1796215829-932547055-1002] => http=127.0.0.1:59089;https=127.0.0.1:59089
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM -> DefaultScope {D4D60379-D8AE-4C6A-B2BC-8CFA35743316} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {D4D60379-D8AE-4C6A-B2BC-8CFA35743316} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D4D60379-D8AE-4C6A-B2BC-8CFA35743316} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {D4D60379-D8AE-4C6A-B2BC-8CFA35743316} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2992228244-1796215829-932547055-1002 -> {C4EF8B7E-968B-4166-B8CC-3F0AAB229E28} URL = 
BHO-x32: No Name -> {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} ->  No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622184537.dll No File
Toolbar: HKU\S-1-5-21-2992228244-1796215829-932547055-1002 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Groskreutz Dell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-2992228244-1796215829-932547055-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Groskreutz Dell\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll [2013-06-07] (Catalina Marketing Corporation)
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [Not Found]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
2015-03-20 21:52 - 2015-03-20 21:53 - 00039909 _____ () C:\Users\Groskreutz Dell\Downloads\FRST.txt
2015-03-20 21:51 - 2015-03-20 21:51 - 02095616 _____ (Farbar) C:\Users\Groskreutz Dell\Downloads\FRST64 (2).exe
2015-03-20 21:51 - 2015-03-20 21:51 - 02095616 _____ (Farbar) C:\Users\Groskreutz Dell\Downloads\FRST64 (1).exe
2012-04-01 16:38 - 2012-04-14 08:46 - 0000462 _____ () C:\Users\Groskreutz Dell\AppData\Roaming\Rim.Desktop.Exception.log
2012-04-01 16:38 - 2012-04-01 16:38 - 0001153 _____ () C:\Users\Groskreutz Dell\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-04-01 16:38 - 2012-04-14 08:46 - 0000462 _____ () C:\Users\Groskreutz Dell\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-09 03:49 - 2014-11-09 03:49 - 0000448 ____H () C:\Users\Groskreutz Dell\AppData\Roaming\麽鎒駓覜
C:\Users\Groskreutz Dell\g2ax_expert_downloadhelper_win32_x86.exe
C:\Users\Groskreutz Dell\AppData\Local\Temp\2EB4.exe
C:\Users\Groskreutz Dell\AppData\Local\Temp\APNSetup.exe
C:\Users\Groskreutz Dell\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Groskreutz Dell\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Groskreutz Dell\AppData\Local\Temp\Quarantine.exe
C:\Users\Groskreutz Dell\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Groskreutz Dell\AppData\Local\Temp\sqlite3.dll
C:\Users\Groskreutz Dell\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Windows\System32\fnzavqh.dll
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{caffac23-bb21-4945-8574-40cf5a940ad0}\InprocServer32 -> C:\Users\Groskreutz Dell\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll (Catalina Marketing Corporation)
CustomCLSID: HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
*****************
 
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
Restore point was successfully created.
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ivijios" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Windows\CurrentVersion\Run\\suxwysoaw => value deleted successfully.
"C:\Users\Groskreutz Dell\AppData\Local\The Lord of the Rings Online\suxwysoaw.dll" => File/Directory not found.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Windows\CurrentVersion\Run\\ivijios => value deleted successfully.
"C:\Users\Groskreutz Dell\AppData\Local\ivijios.dll" => File/Directory not found.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Windows\CurrentVersion\Run\\VoleReqz => value deleted successfully.
C:\ProgramData\VoleReqz\VoleReqz.dat => Moved successfully.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Svc2dll => value deleted successfully.
"C:\Users\Groskreutz Dell\AppData\Local\svcxdcl32.exe" => File/Directory not found.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Windows\CurrentVersion\Run\\LarvaKwulu => value deleted successfully.
"C:\ProgramData\LarvaKwulu\LarvaKwulu.dat" => File/Directory not found.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Windows\CurrentVersion\Run\\DellSystemDetect => value deleted successfully.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112 => value deleted successfully.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811 => value deleted successfully.
"C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" => File/Directory not found.
"C:\Users\Groskreutz Dell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811" => File/Directory not found.
"HKU\S-1-5-21-2992228244-1796215829-932547055-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
"HKU\S-1-5-21-2992228244-1796215829-932547055-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I" => Key deleted successfully.
"HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2992228244-1796215829-932547055-1002\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4D60379-D8AE-4C6A-B2BC-8CFA35743316}" => Key deleted successfully.
HKCR\CLSID\{D4D60379-D8AE-4C6A-B2BC-8CFA35743316} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D4D60379-D8AE-4C6A-B2BC-8CFA35743316}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4D60379-D8AE-4C6A-B2BC-8CFA35743316} => Key not found. 
"HKU\S-1-5-21-2992228244-1796215829-932547055-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A0B44D9C-F922-46AA-B26E-443D1CEF7394}" => Key deleted successfully.
HKCR\CLSID\{A0B44D9C-F922-46AA-B26E-443D1CEF7394} => Key not found. 
"HKU\S-1-5-21-2992228244-1796215829-932547055-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4EF8B7E-968B-4166-B8CC-3F0AAB229E28}" => Key deleted successfully.
HKCR\CLSID\{C4EF8B7E-968B-4166-B8CC-3F0AAB229E28} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key deleted successfully.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => Key deleted successfully.
C:\Users\Groskreutz Dell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll not found.
"HKU\S-1-5-21-2992228244-1796215829-932547055-1002\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
C:\Users\Groskreutz Dell\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf" => Key deleted successfully.
CouponPrinterService => Service stopped successfully.
CouponPrinterService => Service deleted successfully.
C:\Program Files (x86)\Coupons\CouponPrinterService.exe => Moved successfully.
"C:\Users\Groskreutz Dell\Downloads\FRST.txt" => File/Directory not found.
"C:\Users\Groskreutz Dell\Downloads\FRST64 (2).exe" => File/Directory not found.
"C:\Users\Groskreutz Dell\Downloads\FRST64 (1).exe" => File/Directory not found.
C:\Users\Groskreutz Dell\AppData\Roaming\Rim.Desktop.Exception.log => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Roaming\Rim.Desktop.HttpServerSetup.log => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Roaming\Rim.DesktopHelper.Exception.log => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Roaming\麽鎒駓覜 => Moved successfully.
C:\Users\Groskreutz Dell\g2ax_expert_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Local\Temp\2EB4.exe => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Groskreutz Dell\AppData\Local\Temp\vlc-2.1.5-win32.exe => Moved successfully.
C:\Windows\System32\fnzavqh.dll => Moved successfully.
"HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{caffac23-bb21-4945-8574-40cf5a940ad0}" => Key deleted successfully.
HKU\S-1-5-21-2992228244-1796215829-932547055-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found. 
 
==== End of Fixlog 17:29:46 ====

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/21/2015
Scan Time: 5:32:53 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.21.06
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Groskreutz Dell
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404382
Time Elapsed: 20 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.CrossRider.A, C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd, , [d753fc4cec9e86b00beb88f1d52efa06], 
PUP.Optional.CrossRider.A, C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\0.1_0, , [d753fc4cec9e86b00beb88f1d52efa06], 
PUP.Optional.CrossRider.A, C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\0.1_0\_metadata, , [d753fc4cec9e86b00beb88f1d52efa06], 
PUP.Optional.NewPlayer.A, C:\Users\Groskreutz Dell\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha, , [002a11375a30e05683c34a5cbb480af6], 
PUP.Optional.NewPlayer.A, C:\Users\Groskreutz Dell\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.7, , [002a11375a30e05683c34a5cbb480af6], 
 
Files: 3
PUP.Optional.CrossRider.A, C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\0.1_0\_metadata\computed_hashes.json, , [d753fc4cec9e86b00beb88f1d52efa06], 
PUP.Optional.CrossRider.A, C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\0.1_0\_metadata\verified_contents.json, , [d753fc4cec9e86b00beb88f1d52efa06], 
PUP.Optional.NewPlayer.A, C:\Users\Groskreutz Dell\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.7\user.config, , [002a11375a30e05683c34a5cbb480af6], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 foofighter1971


Posted 21 March 2015 - 06:03 PM

It appears that the pop ups have stopped - thank you.



#11 bloopie


Posted 21 March 2015 - 06:14 PM

I'm glad to hear things are looking better, and it looks like we've taken care of the bad stuff successfully! You are doing very well!

Now, we've got to check for some other leftovers that didn't show up in the initial log. :)

Okay, please run this tool for me next and post the resultant log:

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
bloopie

P.S.--I will remove my cross-posted question to keep the topic clean.

#12 foofighter1971


Posted 21 March 2015 - 07:11 PM

# AdwCleaner v4.112 - Logfile created 21/03/2015 at 19:03:16
# Updated 09/03/2015 by Xplode
# Database : 2015-03-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Groskreutz Dell - GROSKREUTZDELL
# Running from : C:\Users\Groskreutz Dell\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Windows\DtcInstall.log
File Found : C:\Windows\TSSysprep.log
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\GROSKR~1\AppData\Local\Temp\apn
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Taronja
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Google Chrome v41.0.2272.101
 
 
-\\ Chromium v
 
*************************
 
AdwCleaner[R0].txt - [7298 bytes] - [01/12/2014 09:07:19]
AdwCleaner[R1].txt - [1999 bytes] - [21/03/2015 19:03:16]
AdwCleaner[S0].txt - [7419 bytes] - [01/12/2014 09:09:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2117 bytes] ##########


#13 bloopie


Posted 21 March 2015 - 08:09 PM

Hello again,

It looks like you just ran this program in December of 2014, so this log is pretty clean. It's safe to run the Clean function with this tool. Once that's done, then we'll run one last scan with an online scanner (ESET) to make sure there are no file infectors on board. Just to let you know, this scan may take some time.

After this last scan with ESET, we'll remove what it found (if needed), and then we'll get you an Antivirus Program installed and you'll be ready to go again! Instructions for all are below:

Step 1

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

==========

Step 2

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: [button image: EOLS2.gif]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image: EOLS3.gif]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection and the size of your hard drive.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Now click on: [button image: EOLS4.gif]

==========

Please post both requested logs for me in your next reply, and let me know if you had any trouble with the above steps!

Also, please confirm that your machine is still running okay! If there are any changes to the performance of the machine at any point from here on, please let me know!

bloopie


Edited by bloopie, 21 March 2015 - 08:11 PM.
Edited to correct a typo


#14 foofighter1971


Posted 22 March 2015 - 07:25 AM

C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\DGChrome.exe.vir    a variant of Win32/Toolbar.Perion.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\InstallerHelper.dll.vir    a variant of Win32/Toolbar.BitCocktail.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\source.crx.vir    Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\Firefox\chrome\content\main.js.vir    Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll.vir    Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir    a variant of MSIL/DomaIQ.A potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\VoleReqz\VoleReqz.dat.xBAD    a variant of Win32/Kryptik.CWRY trojan
C:\FRST\Quarantine\C\Users\Groskreutz Dell\AppData\Local\Temp\APNSetup.exe.xBAD    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\ProgramData\Spybot - Search & Destroy\Recovery\VuuPC2.zip    Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\VuuPC3.zip    Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\VuuPC4.zip    Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\VuuPC2.zip    Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\VuuPC3.zip    Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\VuuPC4.zip    Win32/Bagle.gen.zip worm
C:\Users\Groskreutz Dell\AppData\Local\nsgFF05.tmp    Win32/AnyProtect.E potentially unwanted application
C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Default\aagabhjkljcnmhgdglbagpmdipelnjee\background.html    Win32/BHO.OEI trojan
C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\Default\aagabhjkljcnmhgdglbagpmdipelnjee\ContentScript.js    Win32/TrojanDownloader.Tracur.AD trojan
C:\Users\Groskreutz Dell\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000    a variant of Win32/DomaIQ.AZ potentially unwanted application
C:\Users\Groskreutz Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1POURLF6\Gq8Js.exe    Win32/Boaxxe.BR trojan
C:\Users\Groskreutz Dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3ba5fb36-61bf2182    multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1]    a variant of Win32/Toolbar.Perion.A potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1]    a variant of Win32/Toolbar.Perion.A potentially unwanted application
 

# AdwCleaner v4.112 - Logfile created 21/03/2015 at 19:16:51
# Updated 09/03/2015 by Xplode
# Database : 2015-03-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Groskreutz Dell - GROSKREUTZDELL
# Running from : C:\Users\Groskreutz Dell\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Users\GROSKR~1\AppData\Local\Temp\apn
File Deleted : C:\Windows\DtcInstall.log
File Deleted : C:\Windows\TSSysprep.log

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKLM\SOFTWARE\Taronja
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Google Chrome v41.0.2272.101


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [7298 bytes] - [01/12/2014 09:07:19]
AdwCleaner[R1].txt - [2204 bytes] - [21/03/2015 19:03:16]
AdwCleaner[S0].txt - [7419 bytes] - [01/12/2014 09:09:14]
AdwCleaner[S1].txt - [2031 bytes] - [21/03/2015 19:16:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2090  bytes] ##########
 

 

Everything seems to be running OK



#15 bloopie


Posted 22 March 2015 - 11:46 AM

Hello again (sorry for the delay this a.m.),

Excellent, glad to hear that! :)

Now we'll be removing a few things found by ESET with one last FRST fix. Then I'd like to see one more fresh FRST scan, and we'll talk about antivirus, and finally remove our tools to conclude. Sound good? :)

I'm going to work on the next steps right now, and I should be back in a little while (about 10 minutes)!

bloopie



