Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Desktop computer is being prevented from connecting to internet [Solve


  • This topic is locked This topic is locked

#1
Whenwilljack

Whenwilljack

    New Member

  • Member
  • Pip
  • 3 posts

Hi all,

 

Recently my desktop has been having some virus/ Trojan issues. It started with frequent pop-ups for random stuff, seemingly all originating from the same place (tr355.com I believe). I thought I had this under control but now I can't connect to the internet despite my computer saying I'm connected. I'm pretty sure the machine is compromised.

 

My system is Windows 7 64-bit and I run MS Essentials and Spybot. I also have Malwarebytes but since this problem started I have not been able to open the program nor uninstall it which may or may not be connected (error message says DNSAPI.dll is missing).

 

Please find my FRST logs below and thanks in advance for any help you can provide:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-10-2015 01
Ran by Jason (administrator) on JASON-PC (15-10-2015 22:12:56)
Running from F:\
Loaded Profiles: Jason (Available Profiles: Jason & UpdatusUser & Yasmin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2397426977-320329473-1663795368-1000\...\MountPoints2: {53b99dad-c8c6-11e3-993b-60a44c38a055} - F:\setup_vmb_lite.exe /checkApplicationPresence
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9ABD9D69-1B8D-4136-8A4D-C764ADF807A0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C3222356-2B83-465B-8111-3D9F5371C4AF}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2397426977-320329473-1663795368-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-2397426977-320329473-1663795368-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2397426977-320329473-1663795368-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Jason\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-08-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-2397426977-320329473-1663795368-1000: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]

Chrome:
=======
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://uk.search.yahoo.com/?type=926458&fr=yo-yhp-ch",null,null,null,null,null,null,null,null,null,null,null,null,null,"hxxp://www.google.com/"
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-29]
CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-29]
CHR Extension: (Google Drive) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-29]
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-29]
CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-29]
CHR Extension: (Google Sheets) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-29]
CHR Extension: (Google Docs Offline) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Avast Online Security) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-29]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-08-27] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-08-27] (Emsisoft GmbH)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 22:12 - 2015-10-15 22:13 - 00000000 ____D C:\FRST
2015-10-12 23:18 - 2015-10-15 22:11 - 00000962 _____ C:\Windows\setupact.log
2015-10-12 23:18 - 2015-10-12 23:18 - 00000000 _____ C:\Windows\setuperr.log
2015-10-12 23:17 - 2015-10-15 07:46 - 00065257 _____ C:\Windows\WindowsUpdate.log
2015-10-08 23:11 - 2015-10-08 23:11 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2015-10-05 10:51 - 2015-10-05 10:51 - 00001413 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-02 02:25 - 2015-10-05 10:15 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-29 14:25 - 2015-09-29 14:25 - 00232057 _____ C:\Users\Jason\Downloads\TENANT DETAILS.pages
2015-09-23 11:21 - 2015-09-23 11:21 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-09-17 00:51 - 2015-09-17 00:54 - 00000000 ____D C:\EEK
2015-09-17 00:51 - 2015-09-17 00:51 - 00000743 _____ C:\Users\Jason\Desktop\Start Emsisoft Emergency Kit.lnk
2015-09-17 00:38 - 2015-09-17 00:50 - 164525784 _____ C:\Users\Jason\Downloads\EmsisoftEmergencyKit.exe
2015-09-16 20:39 - 2015-09-15 20:02 - 01798976 _____ (Malwarebytes) C:\Users\Jason\Desktop\JRT.exe
2015-09-16 19:10 - 2015-10-05 15:43 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-16 19:10 - 2015-09-16 19:11 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-16 19:10 - 2015-09-16 19:10 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-16 19:10 - 2015-09-16 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-16 19:10 - 2015-09-16 19:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-16 19:10 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-16 19:10 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-16 18:21 - 2015-10-13 07:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-16 18:21 - 2015-09-23 11:21 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-16 18:21 - 2015-09-23 11:21 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-16 18:21 - 2015-09-23 11:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-16 18:20 - 2015-09-16 18:20 - 00000000 ____D C:\Windows\system32\Macromed
2015-09-16 18:19 - 2015-09-16 20:39 - 00000000 ____D C:\Users\Jason\AppData\Local\LeapFrogConnect
2015-09-16 18:19 - 2015-09-16 18:19 - 00000946 _____ C:\Users\Public\Desktop\LeapFrog Connect.lnk
2015-09-16 18:19 - 2015-09-16 18:19 - 00000000 ____D C:\Program Files\DIFX
2015-09-16 18:18 - 2015-09-16 18:18 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-09-16 18:18 - 2015-09-16 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2015-09-16 18:14 - 2015-09-16 18:18 - 00000000 ____D C:\Program Files (x86)\LeapFrog
2015-09-16 18:14 - 2015-09-16 18:14 - 00000000 ____D C:\ProgramData\Leapfrog
2015-09-16 18:13 - 2015-09-16 18:14 - 12924536 _____ (LeapFrog Enterprises, Inc.) C:\Users\Jason\Downloads\LeapFrogConnectSetup_LeapReader.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 22:10 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-15 07:39 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-15 07:39 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-13 07:23 - 2015-06-16 10:12 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2397426977-320329473-1663795368-1000UA.job
2015-10-12 23:23 - 2015-06-16 10:12 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2397426977-320329473-1663795368-1000Core.job
2015-10-12 23:17 - 2015-08-05 14:30 - 00000000 ____D C:\Windows\pss
2015-10-05 12:29 - 2015-01-28 15:21 - 00000000 ____D C:\Users\Jason\Desktop\Yas other
2015-10-05 10:58 - 2013-08-07 01:11 - 00000000 ____D C:\Windows\Panther
2015-10-05 10:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-05 10:17 - 2013-08-06 20:20 - 00000000 ____D C:\Users\Jason
2015-10-05 10:15 - 2014-02-08 22:59 - 00000000 ____D C:\Users\Yasmin
2015-10-05 10:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-10-05 10:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2015-10-02 12:11 - 2014-10-02 16:26 - 00049664 _____ C:\Users\Jason\Desktop\Tenant Log.xls
2015-10-02 09:51 - 2013-08-09 15:19 - 00000000 ___RD C:\Users\Jason\Dropbox
2015-10-02 09:51 - 2013-08-09 15:16 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Dropbox
2015-09-30 13:37 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-29 22:03 - 2015-01-20 15:08 - 00018129 _____ C:\Users\Jason\Desktop\JDRenovations-2015.xlsx
2015-09-25 10:58 - 2013-08-09 17:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-25 10:56 - 2013-10-31 15:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-23 11:48 - 2013-08-09 14:51 - 00000000 ____D C:\Users\Jason\Desktop\Photos
2015-09-16 20:22 - 2015-08-06 21:50 - 00000000 ____D C:\AdwCleaner
2015-09-16 20:11 - 2015-08-29 15:17 - 00000000 ____D C:\Program Files\Google
2015-09-16 20:11 - 2015-08-03 10:07 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-16 20:11 - 2013-08-09 21:34 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-16 18:58 - 2013-08-09 21:34 - 00000000 ____D C:\Users\Jason\AppData\Local\Google
2015-09-16 18:33 - 2009-07-14 06:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-16 18:20 - 2013-08-14 12:21 - 00000000 ____D C:\Users\Jason\AppData\Local\Adobe

Some files in TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl_gygt.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2013-08-09 15:02] - [2015-07-31 11:02] - 0357888 ____A (Microsoft Corporation) 0128A7A7F2F464BE742D1A834085DEAF

C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-12 23:51

==================== End of FRST.txt ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
Ran by Jason (2015-10-15 22:13:58)
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) (2013-08-06 19:20:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2397426977-320329473-1663795368-500 - Administrator - Disabled)
Guest (S-1-5-21-2397426977-320329473-1663795368-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2397426977-320329473-1663795368-1008 - Limited - Enabled)
Jason (S-1-5-21-2397426977-320329473-1663795368-1000 - Administrator - Enabled) => C:\Users\Jason
UpdatusUser (S-1-5-21-2397426977-320329473-1663795368-1001 - Limited - Enabled) => C:\Users\UpdatusUser
Yasmin (S-1-5-21-2397426977-320329473-1663795368-1002 - Limited - Enabled) => C:\Users\Yasmin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-2397426977-320329473-1663795368-1000\...\Dropbox) (Version: 3.10.6 - Dropbox, Inc.)
ETX Capital MT4 (HKLM-x32\...\ETX Capital MT4) (Version: 4.00 - MetaQuotes Software Corp.)
FxPro - MetaTrader 4 (HKLM-x32\...\FxPro - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
FxPro - MetaTrader 4 MultiTerminal (HKLM-x32\...\FxPro - MetaTrader 4 MultiTerminal) (Version: 4.00 - MetaQuotes Software Corp.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-2397426977-320329473-1663795368-1000\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
IG MetaTrader 4 Terminal (HKLM-x32\...\IG MetaTrader 4 Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog)
LeapFrog Connect (x32 Version: 7.0.6.19846 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (x32 Version: 7.0.6.19846 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MetaTrader - One Financial (HKLM-x32\...\MetaTrader - One Financial) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Office 365 Small Business Premium - en-us (HKLM\...\O365SmallBusPremRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 Trial (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PrimeXM FX Bridge (HKLM-x32\...\PrimeXM FX Bridge) (Version: 4.00 - MetaQuotes Software Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version:  - LeapFrog)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jason\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2397426977-320329473-1663795368-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

02-10-2015 10:01:14 Windows Update
05-10-2015 10:11:09 Windows Update
05-10-2015 10:12:28 Restore Operation
05-10-2015 10:27:32 Windows Update
05-10-2015 10:29:13 Windows Modules Installer
05-10-2015 10:33:45 Windows Modules Installer
08-10-2015 23:10:02 Windows Update
12-10-2015 23:30:35 Windows Update

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041B77A4-6DE2-4DAB-BF16-457E8211D2BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated)
Task: {06383541-69DB-41C6-98BC-6905AC3E3D6B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2397426977-320329473-1663795368-1000Core => C:\Users\Jason\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {1D7789BC-4A58-4C3D-9FD6-17FA284DADF3} - System32\Tasks\JDDFNWGDJL1 => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
Task: {1FE0FD58-5C83-4424-BA1D-4EE022D12CD4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {32F0EDB5-AD64-41E3-BB9D-B380148A6619} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {331347F9-BD6D-407D-A08A-EDAAD3A8EEC0} - \BitGuard -> No File <==== ATTENTION
Task: {3C735546-77D4-41F5-B1E5-57ACC309E38D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {4F4F7496-3933-460E-B647-52CCE5D8CBB3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {61C41618-5956-4B15-BBA3-19B75082D0A9} - System32\Tasks\{6E3A44BD-B596-489F-986A-D807BE56AD0A} => pcalua.exe -a C:\Users\Jason\AppData\Local\Temp\Temp1_Trade_Simulator_Installer.zip\Trade_Simulator_Installer.exe
Task: {704E20C1-9FBF-40A8-B274-ADD76B4C2B7F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2397426977-320329473-1663795368-1000UA => C:\Users\Jason\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {84ED8E32-A917-4661-945D-008B467C674F} - \Elazt -> No File <==== ATTENTION
Task: {A4836E48-A123-43CF-8729-899A7948D2EC} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {B6622DD9-C25F-4B14-A659-FE0C8B322CE1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {C80D76DC-70E3-4D49-B9BB-6B67E57D2C20} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {EE46173C-BD8A-48AE-9EA9-B6742C199883} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-12] (Microsoft Corporation)
Task: {F69A980D-5246-474D-986F-EB4FD9261954} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2397426977-320329473-1663795368-1000Core.job => C:\Users\Jason\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2397426977-320329473-1663795368-1000UA.job => C:\Users\Jason\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\JDDFNWGDJL1.job => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
Task: C:\Windows\Tasks\Software Removal Tool logs upload retry.job => C:\Users\Jason\Downloads\chrome_cleanup_tool (1).exe

==================== Loaded Modules (Whitelisted) ==============

2013-08-06 22:37 - 2015-02-04 03:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-06-06 15:20 - 2010-06-06 15:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll
2013-09-09 18:24 - 2013-08-26 13:12 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-04-20 22:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-16 18:20 - 2015-08-12 04:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-07-14 00:57 - 2009-07-14 02:40 - 00069120 _____ () C:\Windows\system32\BWContextHandler.dll
2013-08-06 20:24 - 2011-12-06 02:58 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-08-06 20:24 - 2011-12-06 02:58 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-07 18:58 - 2013-11-07 18:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 18:58 - 2013-11-07 18:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 18:57 - 2013-11-07 18:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2013-09-17 10:48 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-17 10:48 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-17 10:48 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-17 10:48 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-17 10:48 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Jason\Downloads\Re__2_Kinross_Avenue.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 15751 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2397426977-320329473-1663795368-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Jason^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{90F5A106-9A77-4BB7-BF32-DBE5FB662897}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3D2439F3-4662-4024-BC28-F613E02AC227}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{17842360-2FFB-4B38-8228-800230394EE8}] => (Allow) C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AA546F60-E407-4870-A638-BD0A5CF57A84}] => (Allow) C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5B75C13A-6ED3-4B23-9D4F-247E5E222670}C:\users\jason\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jason\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{25C328DE-6CF2-4D8B-B6C8-1A9B9B555CA2}C:\users\jason\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jason\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{676487E1-127F-4627-81C0-5FC423B9DC03}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3018C1DB-302B-4213-A7BA-E05953819BBC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{FC028BAB-90FC-4DAF-9DDC-B9D55287D714}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B98A4A16-0FDF-4039-97C3-306501223277}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2621C02E-A358-4886-B05D-3CB6B31AD3E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CA4F18C-DFE2-4311-A76E-1022A959CF7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2A6EA142-5804-4129-8D2A-71CE29C4B3BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{325C5ADC-744E-4670-99EE-AD5CF4466A06}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D7A83312-34C0-4F6F-AFBD-5ACE9BC3EFF6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{7E5E1091-9903-41D8-941A-EBC3CB331A38}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{3C49D080-07D3-4895-8FB2-222FB29EE9A0}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{CE511CF8-FD4B-4C3C-859E-7FA686CC161A}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{7B278C33-0573-4671-AAE4-437A27D56953}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{623DF68F-F634-4064-8BD5-790B4AEAA4DB}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{881FFA96-426D-4A27-BCFF-2E81F424971C}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{C74BB6FC-AB38-4ABF-8A90-D51CF5D22540}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{008E39A2-09D5-4947-A859-1F2B42A5DAA6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{3844D4AD-1961-4D89-BD68-14B41367F0C7}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => (Block) C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [UDP Query User{C1DFDA17-7CA8-45E6-B05E-04D8F9590DE4}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => (Block) C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [TCP Query User{2AFB05A4-8060-4818-A3C7-7F551A090042}C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => (Block) C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [UDP Query User{5BB734A8-2ABB-4F95-9A56-9B5AF2800305}C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => (Block) C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [TCP Query User{1FD5B09A-1A10-4913-983D-F65A0703E783}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe] => (Block) C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe
FirewallRules: [UDP Query User{72DEC832-4314-470B-9ADC-34437B29F45F}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe] => (Block) C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe
FirewallRules: [{96A9F75D-FFC8-48B0-80AE-422533E83D59}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: SugarSync
Service: SSCBFS3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2015 10:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2015 07:41:45 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {CB11E7EB-2253-44E0-AC7A-658494A526B6}

Error: (10/15/2015 07:41:45 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {CB11E7EB-2253-44E0-AC7A-658494A526B6}

Error: (10/15/2015 07:40:55 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (10/15/2015 07:40:55 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {94CA0A43-A700-451C-ACDC-C90E38A26870}

Error: (10/15/2015 07:40:55 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {94CA0A43-A700-451C-ACDC-C90E38A26870}

Error: (10/15/2015 07:31:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2015 11:51:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/12/2015 11:29:08 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (10/12/2015 11:29:08 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {69EA2CAE-A04A-4418-B793-39523C96E5C9}

System errors:
=============
Error: (10/15/2015 10:12:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/15/2015 10:11:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/15/2015 10:11:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
%%1053

Error: (10/15/2015 10:11:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.

Error: (10/15/2015 07:46:45 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/15/2015 07:46:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (10/15/2015 07:40:52 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (10/15/2015 07:40:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/15/2015 07:32:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/15/2015 07:32:05 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

==================== Memory info ===========================

Processor: AMD FX™-4130 Quad-Core Processor
Percentage of memory in use: 19%
Total physical RAM: 7918.12 MB
Available physical RAM: 6390.61 MB
Total Virtual: 15834.43 MB
Available Virtual: 14258 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:330.88 GB) NTFS
Drive f: (USB2) (Removable) (Total:3.73 GB) (Free:3.7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 08BD7FCF)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0C)

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Try the internet after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Task: {1D7789BC-4A58-4C3D-9FD6-17FA284DADF3} - System32\Tasks\JDDFNWGDJL1 => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
Task: {331347F9-BD6D-407D-A08A-EDAAD3A8EEC0} - \BitGuard -> No File <==== ATTENTION
Task: {84ED8E32-A917-4661-945D-008B467C674F} - \Elazt -> No File <==== ATTENTION
Task: {A4836E48-A123-43CF-8729-899A7948D2EC} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {C80D76DC-70E3-4D49-B9BB-6B67E57D2C20} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: C:\Windows\Tasks\JDDFNWGDJL1.job => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
C:\ProgramData\TomorrowGames
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#3
Whenwilljack

Whenwilljack

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Thanks very much for the reply - the internet is indeed back up so great work!

 

Please find the new log below. Please advise if I need to carry out further steps:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Jason (2015-10-18 11:25:50) Run:1
Running from F:\
Loaded Profiles: Jason (Available Profiles: Jason & UpdatusUser & Yasmin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Task: {1D7789BC-4A58-4C3D-9FD6-17FA284DADF3} - System32\Tasks\JDDFNWGDJL1 => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
Task: {331347F9-BD6D-407D-A08A-EDAAD3A8EEC0} - \BitGuard -> No File <==== ATTENTION
Task: {84ED8E32-A917-4661-945D-008B467C674F} - \Elazt -> No File <==== ATTENTION
Task: {A4836E48-A123-43CF-8729-899A7948D2EC} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {C80D76DC-70E3-4D49-B9BB-6B67E57D2C20} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: C:\Windows\Tasks\JDDFNWGDJL1.job => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
C:\ProgramData\TomorrowGames
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D7789BC-4A58-4C3D-9FD6-17FA284DADF3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D7789BC-4A58-4C3D-9FD6-17FA284DADF3}" => key removed successfully
C:\Windows\System32\Tasks\JDDFNWGDJL1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JDDFNWGDJL1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{331347F9-BD6D-407D-A08A-EDAAD3A8EEC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{331347F9-BD6D-407D-A08A-EDAAD3A8EEC0}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84ED8E32-A917-4661-945D-008B467C674F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84ED8E32-A917-4661-945D-008B467C674F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Elazt => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4836E48-A123-43CF-8729-899A7948D2EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4836E48-A123-43CF-8729-899A7948D2EC}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C80D76DC-70E3-4D49-B9BB-6B67E57D2C20}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C80D76DC-70E3-4D49-B9BB-6B67E57D2C20}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => key not found.
C:\Windows\Tasks\JDDFNWGDJL1.job => moved successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys" => key removed successfully
"C:\ProgramData\TomorrowGames" => File/Folder not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

=========  sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========

 

Windows Resource Protection found corrupt files and successfully repaired

them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For

example C:\Windows\Logs\CBS\CBS.log

========= End of CMD: =========

=========  sfc /scanfile=C:\Windows\system32\dnsapi.dll =========

 

Windows Resource Protection found corrupt files and successfully repaired

them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For

example C:\Windows\Logs\CBS\CBS.log

 

The system file repair changes will take effect after the next reboot.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2397426977-320329473-1663795368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2397426977-320329473-1663795368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ip reset c:\resetlog.txt =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  ipconfig /release =========

Windows IP Configuration

No operation can be performed on Wireless Network Connection 5 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 5:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::d8f0:8f10:ca80:b4ca%12
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Wireless Network Connection 5 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 5:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home
   Link-local IPv6 Address . . . . . : fe80::d8f0:8f10:ca80:b4ca%12
   IPv4 Address. . . . . . . . . . . : 192.168.1.114
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

There's no user specified settings to be reset.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {9BCEFD9A-B3E4-4CCF-9D39-445338A7A840}.
Unable to cancel {5A7F0AB8-61FE-4B9C-82F9-67334205BEBD}.
Unable to cancel {DBE26E72-EB3D-4C0B-9A86-7235CF78FDCB}.
Unable to cancel {B59C7167-778F-45CD-B61C-D57FF6C22A1A}.
Unable to cancel {D654117B-798E-489B-B23D-9573246B6D8B}.
0 out of 5 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 84.9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 11:26:51 ====


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just one final check.. Meanwhile are you experiencing any problems ?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#5
Whenwilljack

Whenwilljack

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Internet certainly seems to be running fine now, no pop-ups or redirections etc.

 

AdwCleaner log:

 

 

# AdwCleaner v5.013 - Logfile created 18/10/2015 at 12:56:40
# Updated 09/10/2015 by Xplode
# Database : 2015-10-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jason - JASON-PC
# Running from : C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQ7OV5GW\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\Software\Settings Manager
[!] Key Not Deleted : HKU\S-1-5-21-2397426977-320329473-1663795368-1000\Software\AppDataLow\Software\Settings Manager

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [906 bytes] ##########


Edited by Whenwilljack, 18 October 2015 - 06:04 AM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that was fairly straight forward, you must have had the shopperz malware.. All gone now :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:


Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP