here is the first two...what do i run to get the additiontxt? it seems to be running fine
# AdwCleaner v4.000 - Report created 16/10/2014 at 12:14:02
# DB v2014-10-15.7
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dad - BRIDGES1
# Running from : C:\Users\Dad\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Dad\AppData\Local\Astromenda
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Dad\AppData\Local\NativeMessaging
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Dad\AppData\Roaming\NCH Software
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Dad\AppData\Roaming\SmartMediaConverter
Folder Deleted : C:\Program Files (x86)\Uninstaller
Folder Deleted : C:\Users\Dad\AppData\Roaming\ValueApps
Folder Deleted : C:\Program Files\V-bates
Folder Deleted : C:\Users\Dad\AppData\Roaming\wse_astromenda
Folder Deleted : C:\Program Files\Enigma Software Group
Folder Deleted : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
File Deleted : C:\Users\Dad\AppData\Roaming\aps.scan.quick.results
File Deleted : C:\Users\Dad\AppData\Roaming\aps.scan.results
File Deleted : C:\Users\Dad\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Users\Dad\AppData\Local\Temp\EsgScanner.sys
File Deleted : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\searchplugins\astromenda.xml
File Deleted : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\user.js
***** [ Scheduled Tasks ] *****
Task Deleted : Driver Support-RTMRules
Task Deleted : Driver Support-RTMScan
Task Deleted : Driver Support-RTMScanRunOnce
Task Deleted : Driver Support-RTMUpdater
Task Deleted : LaunchSignup
Task Deleted : WSE_Astromenda
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Supreme Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Supreme Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
[h46m51x5.default-1342635577168] - Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
[h46m51x5.default-1342635577168] - Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
[h46m51x5.default-1342635577168] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://astromenda.com/?f=1&a=ast_coinis_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtD0CtD0Bzz0D0FyE0DtAtN0D0Tzu0SzyyCyDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1[...]
-\\ Google Chrome v37.0.2062.124
*************************
AdwCleaner[R0].txt - [10622 octets] - [15/10/2014 09:47:45]
AdwCleaner[R1].txt - [8806 octets] - [16/10/2014 11:55:24]
AdwCleaner[R2].txt - [8866 octets] - [16/10/2014 12:13:07]
AdwCleaner[S0].txt - [8526 octets] - [16/10/2014 12:14:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8586 octets] ##########
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Dad (administrator) on BRIDGES1 on 16-10-2014 12:23:23
Running from C:\Users\Dad\Desktop
Loaded Profile: Dad (Available profiles: Dad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\MountPoints2: {474142ab-da60-11e1-b2fb-e840f20c0b8d} - J:\EasySuite.exe
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\MountPoints2: {474142ae-da60-11e1-b2fb-e840f20c0b8d} - E:\EasySuite.exe
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\MountPoints2: {474142b1-da60-11e1-b2fb-e840f20c0b8d} - E:\EasySuite.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {B71F2F2C-F057-434C-A842-17EE69ABC022} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {B71F2F2C-F057-434C-A842-17EE69ABC022} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Handler: file - No CLSID Value -
Handler: local - No CLSID Value -
Handler-x32: file - No CLSID Value -
Handler-x32: local - No CLSID Value -
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396
FF Homepage: hxxp://www.msn.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: TheTorntv V10 - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\Extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com [2014-10-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-02]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=MEF04BC3C-2A64-449C-A6FC-8E07988D7F15&SearchSource=55&CUI=&UM=6&UP=SP551F4BF6-43AC-41B5-BBA6-3F0FFF38FC75&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=MEF04BC3C-2A64-449C-A6FC-8E07988D7F15&SearchSource=55&CUI=&UM=6&UP=SP551F4BF6-43AC-41B5-BBA6-3F0FFF38FC75&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=MEF04BC3C-2A64-449C-A6FC-8E07988D7F15&SearchSource=58&CUI=&UM=6&UP=SP551F4BF6-43AC-41B5-BBA6-3F0FFF38FC75&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
CHR Extension: (Collusion for Chrome) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2014-03-28]
CHR Extension: (AdBlock) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-28]
CHR Extension: (Water's Valley) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhpodmbdlgmgffpgbennemfkjhhaocfl [2014-03-28]
CHR Extension: (Google Wallet) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2011-11-14] (Affinegy, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-16 12:16 - 2014-10-16 12:16 - 00000000 ____D () C:\Users\Dad\Desktop\FRST-OlderVersion
2014-10-16 11:43 - 2014-10-16 11:43 - 00030007 _____ () C:\Users\Dad\Desktop\malwarebytes.txt
2014-10-16 11:35 - 2014-10-16 12:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 11:35 - 2014-10-16 11:35 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-16 11:35 - 2014-10-16 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-16 11:35 - 2014-10-16 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 11:35 - 2014-10-16 11:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 11:35 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-16 11:35 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-16 11:35 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-16 11:25 - 2014-10-16 12:14 - 00038266 _____ () C:\Windows\PFRO.log
2014-10-16 11:23 - 2014-10-16 11:23 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Dad\Desktop\mbam-clean-2.1.1.1001.exe
2014-10-15 10:06 - 2014-10-16 11:32 - 00854448 _____ () C:\Users\Dad\Desktop\SecurityCheck.exe
2014-10-15 09:56 - 2014-10-15 09:56 - 00020440 _____ () C:\Users\Dad\Desktop\JRT.txt
2014-10-15 09:54 - 2014-10-15 09:54 - 00000000 ____D () C:\Windows\ERUNT
2014-10-15 09:49 - 2014-10-15 09:49 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Dad\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-15 09:48 - 2014-10-15 09:48 - 01705698 _____ (Thisisu) C:\Users\Dad\Desktop\JRT.exe
2014-10-15 09:47 - 2014-10-16 12:14 - 00000000 ____D () C:\AdwCleaner
2014-10-15 09:46 - 2014-10-15 09:46 - 01976320 _____ () C:\Users\Dad\Desktop\AdwCleaner.exe
2014-10-14 13:32 - 2014-10-14 13:32 - 00002364 _____ () C:\Users\Dad\Desktop\aswMBR.txt
2014-10-14 13:32 - 2014-10-14 13:32 - 00000512 _____ () C:\Users\Dad\Desktop\MBR.dat
2014-10-14 13:27 - 2014-10-14 13:27 - 00037495 _____ () C:\Users\Dad\Desktop\Addition.txt
2014-10-14 13:26 - 2014-10-16 12:23 - 00013186 _____ () C:\Users\Dad\Desktop\FRST.txt
2014-10-14 13:26 - 2014-10-16 12:23 - 00000000 ____D () C:\FRST
2014-10-14 13:25 - 2014-10-14 13:25 - 05185536 _____ (AVAST Software) C:\Users\Dad\Desktop\aswMBR.exe
2014-10-14 13:23 - 2014-10-16 12:16 - 02111488 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2014-10-14 13:22 - 2014-10-14 13:22 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BRIDGES1-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-10-14 13:21 - 2014-10-14 13:21 - 00000000 ____D () C:\RegBackup
2014-10-14 13:20 - 2014-10-14 13:20 - 04215184 _____ () C:\Users\Dad\Desktop\tweaking.com_registry_backup_setup.exe
2014-10-14 13:20 - 2014-10-14 13:20 - 00002242 _____ () C:\Users\Dad\Desktop\Tweaking.com - Registry Backup.lnk
2014-10-14 13:20 - 2014-10-14 13:20 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-10-14 13:20 - 2014-10-14 13:20 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-10-14 00:49 - 2014-10-14 12:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-10-13 08:16 - 2014-10-13 08:16 - 00000000 ____D () C:\rei
2014-09-29 20:51 - 2014-09-29 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-29 20:25 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-29 20:25 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-16 12:23 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 12:23 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 12:18 - 2014-01-07 21:18 - 01098754 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 12:15 - 2014-02-11 17:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-16 12:15 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 12:14 - 2014-09-04 20:35 - 00001680 _____ () C:\Windows\setupact.log
2014-10-16 11:43 - 2014-08-22 21:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-16 11:28 - 2013-01-04 21:52 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-16 11:23 - 2013-08-07 10:19 - 00000000 ___RD () C:\Users\Dad\Dropbox
2014-10-16 11:22 - 2014-02-13 11:52 - 00000109 _____ () C:\Users\Dad\AppData\Roaming\WB.CFG
2014-10-16 10:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 10:26 - 2014-02-09 17:47 - 02825728 ___SH () C:\Users\Dad\Desktop\Thumbs.db
2014-10-15 10:24 - 2013-07-07 10:31 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Dropbox
2014-10-14 12:04 - 2014-01-04 08:24 - 00000398 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-10-14 12:04 - 2012-03-29 12:32 - 00000000 ____D () C:\Users\Dad
2014-10-14 12:03 - 2014-08-22 13:21 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-14 12:03 - 2014-08-22 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-14 12:03 - 2014-08-22 13:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-14 12:03 - 2014-05-23 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-10-14 12:03 - 2014-04-19 10:24 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
2014-10-14 12:03 - 2014-02-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-14 12:03 - 2014-01-11 00:00 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-10-14 12:03 - 2012-08-19 17:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-14 12:03 - 2012-08-19 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-10-14 12:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-14 12:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-14 11:58 - 2014-03-10 09:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-13 08:10 - 2012-04-06 03:18 - 00000000 ____D () C:\Users\Dad\AppData\Local\CrashDumps
2014-10-12 00:05 - 2014-08-05 00:52 - 00001594 _____ () C:\console.log
2014-10-11 23:06 - 2014-02-08 20:02 - 00000000 ____D () C:\Users\Dad\Desktop\Samsung pics
2014-10-11 23:05 - 2014-09-14 13:12 - 00000000 ____D () C:\Users\Dad\Desktop\CDG
2014-09-29 21:02 - 2014-02-13 10:25 - 00001019 _____ () C:\Users\Dad\Desktop\Dropbox.lnk
2014-09-29 21:02 - 2013-07-07 10:32 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
ZeroAccess:
C:\Windows\Installer\{981e74c5-125f-1b66-2e32-03ebb7286777}
ZeroAccess:
C:\Users\Dad\AppData\Local\{981e74c5-125f-1b66-2e32-03ebb7286777}
Some content of TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9abdmv.dll
C:\Users\Dad\AppData\Local\Temp\Quarantine.exe
C:\Users\Dad\AppData\Local\Temp\SHSetup.exe
C:\Users\Dad\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-16 10:14
==================== End Of Log ============================