PDA

View Full Version : about:blank removal


millboy
2015-03-03, 02:07
About blank has taken over my OUTLOOK (yahoo) home page. I change my home page to YAHOO in internet options and about:blank keeps coming back as my home page.
I posted this thread earlier and complied with instructions to post first.txt and awsmbr.txt on the virus thread and when I looked for a reply the thread was closed. So here I am again

Admin edit
Previous topic was in the Spybot forum and there are two machines: http://forums.spybot.info/showthread.php?72073-about-blank-removal

I have
spy bot av 2.4, search results cleaner verson 2.4.40.110 and also use winpatrol plus.
Windows 8.1
signatures updated 2-23
anti spyware updated 2-23
anti virus updated 2-23
ran full scan 2-23 and did not see any flags for about:blank
did not see any info in any logs that had to do with antivirus.
Hope this helps

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Bob (administrator) on BOBSCOMPUTER on 24-02-2015 10:59:54
Running from C:\Users\Bob\AppData\Local\Microsoft\Windows\INetCache\IE\MK9HRRKA
Loaded Profiles: Bob (Available profiles: Bob & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Config.Msi\157a39d0.rbf
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013\Planner\PLNRnote.exe
(Sierra Online) C:\Program Files (x86)\Sierra\Planner\PLNRnote.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-16] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Works Update Detection] => C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [50688 2003-06-03] (Microsoft® Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-08] (Nero AG)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\...\RunOnce: [Adobe Speed Launcher] => 1424723684
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\...\MountPoints2: {0d86678f-9b93-11e4-bf0b-fc973475a14c} - "L:\win\setup.exe" -phs
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Corel Family & Friends Reminders.LNK
ShortcutTarget: Corel Family & Friends Reminders.LNK -> C:\Program Files (x86)\Corel\Print House Magic Deluxe\cffrem.exe (Corel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013\Planner\PLNRnote.exe (Creative Home)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
ShortcutTarget: Event Planner Reminders Tray Icon.lnk -> C:\Program Files (x86)\Sierra\Planner\PLNRnote.exe (Sierra Online)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {43F84A5B-211F-4027-A0F7-4F37B3B9E5BB} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {473AF65A-B989-4D33-A29F-CB44729B9C37} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {85530EC7-DF92-4BB3-9468-BB61139D0F5C} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {A8EBEE84-5D8F-415A-BBFD-67A6EC649381} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {B51B446C-3EA1-4EE5-86D3-9DEA8D49DFEE} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {B7A09177-8F45-4AAB-9897-95FC29D06BCE} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {CE4A4FAB-989B-4A90-861D-535237699E9E} URL = http://video.yahoo.com/search/?p={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {D45356C6-F63E-4D5E-B810-278D16F18161} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {43F84A5B-211F-4027-A0F7-4F37B3B9E5BB} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {f5827716-9540-492e-9e9a-9f18bb2e7912} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AFW^xdm040^YYA^us&si=trackinglocator-2-fdx&ptb=6711BC71-BBCB-478B-A521-26EB9C41613E&ind=2013092716&n=77fd5b6c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {3BA182AA-7407-4082-AF92-3F03A3930129} URL =
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {91ED3D43-F5A2-42A8-A297-318BCD8B12DA} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {B7A09177-8F45-4AAB-9897-95FC29D06BCE} URL =
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {C709EE61-EB2A-48E4-A0FF-F89090F44C28} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {f5827716-9540-492e-9e9a-9f18bb2e7912} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AFW^xdm040^YYA^us&si=trackinglocator-2-fdx&ptb=6711BC71-BBCB-478B-A521-26EB9C41613E&ind=2013092716&n=77fd5b6c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {F811E6DA-DF52-439D-A037-B9B3C7B04B9B} URL = http://delicious.com/search?p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ArcadeParlor - C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-05-16]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-16]

Chrome:
=======
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (MixiDj Chrome Toolbar) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\default\Extensions\kpepfkjapeclaafmhoelccknpfedainn [2013-06-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [38712 2013-01-10] (Hewlett-Packard)
R2 HPSLPSVC; C:\Users\Bob\AppData\Local\Temp\7zS18C7\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 PackageTracer_69Service; C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe [X]
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-03-19] (Kaspersky Lab)
S1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [49760 2014-03-19] (Kaspersky Lab ZAO)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2014-12-08] (CACE Technologies, Inc.)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80120.sys [845464 2015-01-12] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [290520 2014-12-22] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-10-26] ()
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-02-21] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-18] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 10:58 - 2015-02-24 11:00 - 00000000 ____D () C:\FRST
2015-02-24 10:49 - 2015-02-24 10:49 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-BOBSCOMPUTER-Windows-8.1-(64-bit).dat
2015-02-24 10:46 - 2015-02-24 10:46 - 00000000 ____D () C:\RegBackup
2015-02-24 10:45 - 2015-02-24 10:45 - 00002253 _____ () C:\Users\Bob\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-24 10:45 - 2015-02-24 10:45 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-24 10:45 - 2015-02-24 10:45 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-23 22:17 - 2015-02-23 22:17 - 00930019 _____ () C:\Users\Bob\Desktop\TeamSpybot-20150223-221731.cab
2015-02-23 22:17 - 2015-02-23 22:17 - 00010240 ___SH () C:\Users\Bob\Desktop\Thumbs.db
2015-02-23 12:48 - 2015-02-23 12:48 - 00001686 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-23 12:48 - 2015-02-23 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-23 12:47 - 2015-02-23 12:48 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-23 12:47 - 2015-02-23 12:48 - 00000000 ____D () C:\Program Files\iTunes
2015-02-23 12:47 - 2015-02-23 12:47 - 00000000 ____D () C:\Program Files\iPod
2015-02-23 12:47 - 2015-02-23 12:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-16 16:29 - 2015-02-16 16:29 - 00002529 _____ () C:\Users\Public\Desktop\TurboTax 2014.lnk
2015-02-16 16:29 - 2015-02-16 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-02-16 15:16 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-16 15:16 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-13 22:43 - 2014-10-21 19:44 - 00450713 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150213-224337.backup
2015-02-13 12:02 - 2015-02-13 12:02 - 00003500 _____ () C:\WINDOWS\System32\Tasks\Bob DBAgent 2 0
2015-02-13 11:47 - 2015-02-13 11:53 - 00048250 _____ () C:\WINDOWS\SysWOW64\bddel.dat
2015-02-13 10:52 - 2015-02-16 15:04 - 00000362 _____ () C:\WINDOWS\Tasks\Tempo Runner coz64host.job
2015-02-13 10:04 - 2015-02-13 11:47 - 00002486 _____ () C:\WINDOWS\System32\Tasks\Tempo Runner coz64host
2015-02-10 15:37 - 2015-01-15 14:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 15:37 - 2015-01-15 14:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 15:37 - 2015-01-13 20:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 15:37 - 2015-01-13 19:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 15:37 - 2015-01-10 01:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 15:37 - 2015-01-10 01:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 15:37 - 2015-01-10 00:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 15:37 - 2015-01-09 23:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 15:37 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 15:37 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 15:37 - 2014-12-08 17:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 15:37 - 2014-10-28 18:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 15:37 - 2014-10-28 18:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 15:37 - 2014-10-28 17:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 15:37 - 2014-10-28 17:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 15:37 - 2014-10-28 17:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 15:37 - 2014-10-28 17:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 15:37 - 2014-10-28 17:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 15:37 - 2014-10-28 17:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 15:36 - 2015-02-03 15:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-10 15:36 - 2015-02-03 15:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-10 15:36 - 2015-02-03 15:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-10 15:36 - 2015-02-02 15:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-10 15:36 - 2015-02-02 15:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-10 15:36 - 2015-02-02 15:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-10 15:36 - 2015-01-19 10:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 15:36 - 2015-01-13 14:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 15:36 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 15:36 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 15:36 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 15:36 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 15:36 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 15:36 - 2015-01-11 18:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 15:36 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 15:36 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 15:36 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 15:36 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 15:36 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 15:36 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 15:36 - 2015-01-11 17:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 15:36 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 15:36 - 2015-01-11 17:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 15:36 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 15:36 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 15:36 - 2015-01-11 17:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 15:36 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 15:36 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 15:36 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 15:36 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 15:36 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 15:36 - 2015-01-11 17:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 15:36 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 15:36 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 15:36 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 15:36 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 15:36 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 15:36 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 15:36 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 15:36 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 15:36 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 15:36 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 15:36 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 15:36 - 2015-01-10 00:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 15:36 - 2014-12-19 00:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 15:36 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 15:36 - 2014-12-08 15:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-09 18:21 - 2015-02-09 18:21 - 00002733 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-02-09 18:21 - 2015-02-09 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-02-09 17:58 - 2015-02-09 18:01 - 147413592 _____ (Seagate ) C:\Users\Bob\Downloads\Seagate Dashboard Installer.exe
2015-02-09 15:57 - 2015-02-10 16:07 - 00081920 _____ () C:\Users\Bob\Documents\Copy of PER Balance Sheet (2014_10_27 20_54_21 UTC).xls
2015-02-09 15:37 - 2014-10-27 11:48 - 00075776 ____R () C:\Users\Bob\Documents\PER Balance Sheet (2014_10_27 20_54_21 UTC).xls
2015-02-07 10:36 - 2015-02-07 10:36 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore
2015-01-27 18:22 - 2015-01-27 18:22 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-27 18:22 - 2015-01-27 18:22 - 00000000 ____D () C:\Users\Bob\AppData\Local\Skype
2015-01-27 18:22 - 2015-01-27 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 11:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-24 10:51 - 2013-03-13 07:44 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2890371426-784404849-2696811729-1001
2015-02-24 10:48 - 2013-09-15 13:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-24 10:37 - 2013-11-25 22:05 - 01685286 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-24 05:32 - 2013-03-13 07:38 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4673D1A0-8526-4B0B-A7AD-867174388DC3}
2015-02-23 19:50 - 2012-02-20 15:13 - 00000000 ____D () C:\Users\Bob\Documents\Excel Files
2015-02-23 12:47 - 2015-01-05 10:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 12:47 - 2013-03-13 09:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-23 12:32 - 2015-01-07 13:06 - 00000000 ___RD () C:\Users\Bob\iCloudDrive
2015-02-23 12:31 - 2014-12-23 11:33 - 00000000 ___RD () C:\Users\Bob\OneDrive
2015-02-23 12:30 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-19 08:29 - 2013-08-22 06:46 - 00368519 _____ () C:\WINDOWS\setupact.log
2015-02-19 08:29 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-18 21:26 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-18 21:23 - 2008-12-30 14:20 - 00000000 ____D () C:\Users\Bob\Documents\Word files
2015-02-18 15:57 - 2013-05-20 16:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-18 15:57 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-18 15:52 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-16 17:04 - 2008-12-30 14:20 - 00000000 ____D () C:\Users\Bob\Documents\TurboTax
2015-02-16 16:30 - 2013-03-14 19:07 - 00000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-02-16 16:27 - 2013-03-14 19:04 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-02-16 16:22 - 2013-03-20 13:38 - 00000000 ____D () C:\Users\Bob\AppData\Local\Adobe
2015-02-16 15:03 - 2013-08-22 06:44 - 00691616 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-16 15:02 - 2013-09-29 19:55 - 00289618 _____ () C:\WINDOWS\PFRO.log
2015-02-14 23:02 - 2014-12-10 22:16 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-14 23:02 - 2014-08-08 18:40 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-14 22:52 - 2013-03-17 17:25 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\HpUpdate
2015-02-14 11:22 - 2015-01-14 15:27 - 00000000 ____D () C:\Program Files (x86)\OpenSoftwareUpdater
2015-02-13 22:29 - 2015-01-19 14:31 - 00598975 _____ () C:\WINDOWS\shost.bin
2015-02-13 22:29 - 2004-10-22 11:11 - 00000000 ____D () C:\Temp
2015-02-13 13:01 - 2013-09-29 20:04 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-13 10:46 - 2008-12-30 14:19 - 00000000 ____D () C:\Users\Bob\Documents\PDF Files
2015-02-13 09:25 - 2015-01-09 16:00 - 00004980 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BOBSCOMPUTER-Bob BobsComputer
2015-02-13 09:08 - 2013-08-13 15:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 09:00 - 2013-03-14 13:04 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-10 14:23 - 2014-01-01 13:24 - 00000000 ____D () C:\Users\Bob\AppData\Local\NETGEARGenie
2015-02-09 18:22 - 2014-10-27 08:42 - 00003512 _____ () C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2015-02-09 18:21 - 2013-09-15 16:59 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-02-09 18:21 - 2013-03-15 13:46 - 00000000 ____D () C:\ProgramData\Nero
2015-02-09 18:20 - 2014-10-27 08:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Leader Technologies
2015-02-09 17:54 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-09 15:23 - 2013-11-25 21:48 - 00000000 ____D () C:\Users\Bob
2015-02-07 15:32 - 2013-09-15 17:03 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Seagate
2015-02-07 15:28 - 2013-11-29 15:11 - 00648906 _____ () C:\SeagateAdapter
2015-02-07 13:20 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-07 12:07 - 2014-08-09 12:57 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
2015-02-07 12:06 - 2013-11-25 21:48 - 00000000 ____D () C:\Users\Guest
2015-02-07 12:05 - 2013-03-14 18:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Picture It! 9
2015-02-07 11:58 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-07 11:58 - 2013-08-22 05:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-07 11:55 - 2015-01-14 14:53 - 00000000 ____D () C:\ProgramData\makulitsidwe
2015-02-04 11:49 - 2013-09-15 13:16 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 11:31 - 2014-12-15 15:21 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2014-12-15 15:21 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 09:31 - 2013-06-24 09:51 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Skype
2015-02-01 08:50 - 2014-04-22 06:29 - 00221451 _____ () C:\WINDOWS\hpwins11.dat
2015-02-01 08:50 - 2014-04-22 06:29 - 00003066 _____ () C:\ProgramData\hpzinstall.log
2015-01-27 18:22 - 2013-06-24 09:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-27 18:22 - 2013-06-24 09:51 - 00000000 ____D () C:\ProgramData\Skype
2015-01-26 20:28 - 2013-03-13 07:37 - 00000000 ____D () C:\Users\Bob\AppData\Local\Packages

==================== Files in the root of some directories =======

2013-03-14 13:06 - 2013-03-14 13:06 - 0000706 _____ () C:\Program Files\autorun.inf
2013-03-14 13:06 - 2013-03-14 13:06 - 0000864 _____ () C:\Program Files\Windows Easy Transfer.lnk
2013-07-17 15:26 - 2014-05-12 13:46 - 0000135 _____ () C:\Users\Bob\AppData\Roaming\default.pls
2013-03-17 17:25 - 2013-03-17 17:25 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-04-22 06:29 - 2015-02-01 08:50 - 0003066 _____ () C:\ProgramData\hpzinstall.log
2013-03-13 07:37 - 2013-03-13 07:37 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-03-14 19:07 - 2015-02-16 16:30 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-08-06 12:37 - 2012-10-24 11:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2276241.exe

Files to move or delete:
====================
C:\ProgramData\uninstall2276241.exe
C:\Users\Bob\jobq.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-07 12:20

==================== End Of Log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-02-24 11:18:50
-----------------------------
11:18:50.361 OS Version: Windows x64 6.2.9200
11:18:50.361 Number of processors: 4 586 0x1001
11:18:50.361 ComputerName: BOBSCOMPUTER UserName: Bob
11:18:52.836 Initialize success
11:18:52.956 VM: initialized successfully
11:18:52.961 VM: Amd CPU supported
11:21:19.214 AVAST engine defs: 15022401
11:22:02.008 The log file has been saved successfully to "C:\Users\Bob\OneDrive\Documents\aswMBR.txt"
-----------------------------------
Juliet
2015-03-03, 13:32
Which antivirus software do you use?


Look in your add/remove programs panel and uninstall the following
Updater By SweetPacks
If not there please just continue.

~~~

Running from C:\Users\Bob\AppData\Local\Microsoft\Windows\INetCache\IE\MK9HRRKA
We wont be able to use FRST running from this location.

Delete the copy of Farbar Recovery Scan Tool you have now and we will download an updated version to desktop.

- Save ALL Tools to your Desktop-

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Chrome/Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Firefox/Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/IE/Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

~~~~
Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.

No need to scan again we can run the fix script now.


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CloseProcesses:
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {f5827716-9540-492e-9e9a-9f18bb2e7912} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AFW^xdm040^YYA^us&si=trackinglocator-2-fdx&ptb=6711BC71-BBCB-478B-A521-26EB9C41613E&ind=2013092716&n=77fd5b6c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {3BA182AA-7407-4082-AF92-3F03A3930129} URL =
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {f5827716-9540-492e-9e9a-9f18bb2e7912} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AFW^xdm040^YYA^us&si=trackinglocator-2-fdx&ptb=6711BC71-BBCB-478B-A521-26EB9C41613E&ind=2013092716&n=77fd5b6c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {F811E6DA-DF52-439D-A037-B9B3C7B04B9B} URL = http://delicious.com/search?p={searchTerms}
Toolbar: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
S2 PackageTracer_69Service; C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe [X]
C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe
2015-02-13 10:52 - 2015-02-16 15:04 - 00000362 _____ () C:\WINDOWS\Tasks\Tempo Runner coz64host.job
2015-02-13 10:04 - 2015-02-13 11:47 - 00002486 _____ () C:\WINDOWS\System32\Tasks\Tempo Runner coz64host
C:\ProgramData\uninstall2276241.exe
C:\Users\Bob\jobq.dat
Task: {149CC25B-35F3-4BBF-916A-55EB22959E96} - System32\Tasks\EPUpdater => C:\Users\Bob\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {191C586C-E738-4BA7-9286-83EE2A3B6C08} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {570B58E1-EE25-4156-A643-5EDDE9F5831A} - System32\Tasks\Tempo Runner coz64host => C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
Task: C:\WINDOWS\Tasks\Tempo Runner coz32host.job => C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe;/dgad C:\ProgramData\makulitsidwe\1.1.0.29\coz32host.exe
Task: C:\WINDOWS\Tasks\Tempo Runner coz64host.job => C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe;/dgad C:\ProgramData\makulitsidwe\1.1.0.29\coz64host.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

please post
Fixlog.txt
C:\AdwCleaner.txt
millboy
2015-03-04, 03:58
Complied with your instructions
adwcleaner(RO).txt,fixlist.txt are attached. I never got a first/first64.txt log.
I have closed and opened internet explorer a few times and about:blank seems to be gone.
Thank you for fixing my very annoying problem. If about:blank comes back Ill give ya a shout.
Looking back I should have told you I have the about:blank problem on my laptop. Do you think running adwcleaner will get rid of about:blank???
Thanks again
Bob Miller
millboy
2015-03-04, 04:00
forgot to add the txt files. Here they are
Juliet
2015-03-04, 12:22
Can you post the results of the Fixlog.txt I created?

The log files you attached are the same ones posted in your previous reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015 <-- has been updated since this date

Running from C:\Users\Bob\AppData\Local\Microsoft\Windows\INetCache\IE\MK9HRRKA <-- still running from this directory

It's possible if you run Adwcleaner on your other computer the results will be the same.
millboy
2015-03-05, 00:38
attached is the only fix.txt file I have.
Hope it is the correct.
there was a file that was included in your last post. Is that the one you want?
Laptop working OK
Juliet
2015-03-05, 01:21
Which antivirus software do you use?


Look in your add/remove programs panel and uninstall the following
Updater By SweetPacks
If not there please just continue.

~~~

Running from C:\Users\Bob\AppData\Local\Microsoft\Windows\INetCache\IE\MK9HRRKA
We wont be able to use FRST running from this location.

Delete the copy of Farbar Recovery Scan Tool you have now and we will download an updated version to desktop.

- Save ALL Tools to your Desktop-

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Chrome/Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Firefox/Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/IE/Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

~~~~
Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.

No need to scan again we can run the fix script now.


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CloseProcesses:
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2890371426-784404849-2696811729-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {f5827716-9540-492e-9e9a-9f18bb2e7912} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AFW^xdm040^YYA^us&si=trackinglocator-2-fdx&ptb=6711BC71-BBCB-478B-A521-26EB9C41613E&ind=2013092716&n=77fd5b6c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {3BA182AA-7407-4082-AF92-3F03A3930129} URL =
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {f5827716-9540-492e-9e9a-9f18bb2e7912} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AFW^xdm040^YYA^us&si=trackinglocator-2-fdx&ptb=6711BC71-BBCB-478B-A521-26EB9C41613E&ind=2013092716&n=77fd5b6c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> {F811E6DA-DF52-439D-A037-B9B3C7B04B9B} URL = http://delicious.com/search?p={searchTerms}
Toolbar: HKU\S-1-5-21-2890371426-784404849-2696811729-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
S2 PackageTracer_69Service; C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe [X]
C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe
2015-02-13 10:52 - 2015-02-16 15:04 - 00000362 _____ () C:\WINDOWS\Tasks\Tempo Runner coz64host.job
2015-02-13 10:04 - 2015-02-13 11:47 - 00002486 _____ () C:\WINDOWS\System32\Tasks\Tempo Runner coz64host
C:\ProgramData\uninstall2276241.exe
C:\Users\Bob\jobq.dat
Task: {149CC25B-35F3-4BBF-916A-55EB22959E96} - System32\Tasks\EPUpdater => C:\Users\Bob\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {191C586C-E738-4BA7-9286-83EE2A3B6C08} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {570B58E1-EE25-4156-A643-5EDDE9F5831A} - System32\Tasks\Tempo Runner coz64host => C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
Task: C:\WINDOWS\Tasks\Tempo Runner coz32host.job => C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe;/dgad C:\ProgramData\makulitsidwe\1.1.0.29\coz32host.exe
Task: C:\WINDOWS\Tasks\Tempo Runner coz64host.job => C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe;/dgad C:\ProgramData\makulitsidwe\1.1.0.29\coz64host.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

please post
Fixlog.txt
C:\AdwCleaner.txt
tashi
2015-03-05, 19:57
New topic has been closed: http://forums.spybot.info/showthread.php?72131-srv1-srv-statistic-com-removel&p=462599#post462599