Vista Machine - Won't allow Spybot Scan to run - Blocked Internet Access



PeteJC21PJC
2015-04-09, 04:30
Vista Machine - Owner turned updates off a few years ago. Ran Malwarebytes several times until clean. Ran CCleaner several times until clean. Spybot will open, scan window will open, but when you click on SCAN nothing happens.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Maw (administrator) on MAW-PC on 03-04-2015 19:34:04
Running from E:\Anti Virus
Loaded Profiles: Maw (Available profiles: Maw & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Toshiba\IVP\ISM\pinger.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\Toshiba\Utilities\KeNotify.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-16] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [180224 2006-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-23] (TOSHIBA)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\MountPoints2: F - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\MountPoints2: G - G:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\MountPoints2: {378211f0-05c2-11e3-b523-9aa872413b4e} - E:\menu.exe
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\MountPoints2: {5787cba6-24d2-11e0-82b9-ae2a1657eab8} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\MountPoints2: {6c11e8fa-ba52-11e0-8848-ca621b867478} - G:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\MountPoints2: {873db86f-1f80-11df-9a7a-001eec075d31} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\MountPoints2: {873db8ac-1f80-11df-9a7a-001eec075d31} - G:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [879616 2008-01-20] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\REALTEK USB Wireless LAN Utility.lnk
ShortcutTarget: REALTEK USB Wireless LAN Utility.lnk -> C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1429988088-2614088774-4062952998-1000] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
URLSearchHook: HKLM - (No Name) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=221&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=221&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2524319
SearchScopes: HKLM -> {EDF89D28-51C9-4B25-87C3-3899F4478D7E} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> DefaultScope {752A806D-D501-4CF6-97B3-8DA01F8691EB} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> {14BB9D08-33C2-447F-A4F5-57D486880FCE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> {752A806D-D501-4CF6-97B3-8DA01F8691EB} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: No Name -> {038cb5c7-48ea-4af9-94e0-a1646542e62b} -> No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25] (Sun Microsystems, Inc.)
BHO: No Name -> {f2257711-226b-4529-8e1d-e82e1c55ebd8} -> No File
Toolbar: HKLM - No Name - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
Toolbar: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> No Name - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No File
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-26] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-02]
Chrome:
=======
CHR Profile: C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-12]
CHR Extension: (Google Drive) - C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Produtools Manuals 2.1 B2) - C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbhbgnpgkhbpdidkbgbhlmolppnglog [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [ghbhbgnpgkhbpdidkbgbhlmolppnglog] - C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx [2013-06-17]
CHR HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ghbhbgnpgkhbpdidkbgbhlmolppnglog] - C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx [2013-06-17]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [181784 2007-09-24] (WildTangent, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [937984 2007-10-30] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
S3 NWUSBCDFIL; C:\Windows\System32\DRIVERS\NwUsbCdFil.sys [20480 2010-07-08] (Novatel Wireless Inc.)
S3 NWUSBModem_000; C:\Windows\System32\DRIVERS\nwusbmdm_000.sys [176384 2010-07-08] (Novatel Wireless Inc.)
S3 NWUSBPort2_000; C:\Windows\System32\DRIVERS\nwusbser2_000.sys [176384 2010-07-08] (Novatel Wireless Inc.)
S3 NWUSBPort_000; C:\Windows\System32\DRIVERS\nwusbser_000.sys [176384 2010-07-08] (Novatel Wireless Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
S3 RTL8187; C:\Windows\System32\DRIVERS\RTL8187.sys [248320 2007-05-21] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-03 18:50 - 2015-04-03 19:34 - 00000000 ____D () C:\FRST
2015-04-03 18:47 - 2015-04-03 18:47 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MAW-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-04-03 18:46 - 2015-04-03 18:46 - 00000000 ____D () C:\RegBackup
2015-04-03 18:45 - 2015-04-03 18:45 - 00002027 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-04-03 18:45 - 2015-04-03 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-03 18:45 - 2015-04-03 18:45 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-04-03 14:46 - 2015-04-03 14:46 - 00065160 _____ () C:\Users\Maw\Documents\cc_20150403_144557.reg
2015-04-03 14:40 - 2015-04-03 14:40 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-03 14:40 - 2015-04-03 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-03 14:39 - 2015-04-03 14:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-03 14:35 - 2015-04-03 14:35 - 00000000 ____D () C:\Users\Maw\Documents\ProcAlyzer Dumps
2015-04-03 14:23 - 2015-04-03 14:51 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-04-03 14:21 - 2015-04-03 14:24 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-03 14:21 - 2015-04-03 14:21 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-03 14:21 - 2015-04-03 14:21 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-03 14:21 - 2015-04-03 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-03 14:21 - 2013-09-20 10:49 - 00018968 _____ () C:\Windows\system32\sdnclean.exe
2015-04-03 13:42 - 2015-04-03 14:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-03 13:40 - 2015-04-03 13:40 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-03 13:40 - 2015-04-03 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-03 13:40 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-03 13:40 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-03 13:40 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-03 13:30 - 2015-04-03 13:33 - 00002198 _____ () C:\Users\Maw\Desktop\Rkill.txt
2015-04-03 13:25 - 2015-04-03 13:25 - 00000000 __RSH () C:\MSDOS.SYS
2015-04-03 13:25 - 2015-04-03 13:25 - 00000000 __RSH () C:\IO.SYS
2015-04-03 13:20 - 2015-04-03 13:20 - 00001073 _____ () C:\Users\Maw\Desktop\Should I Remove It.lnk
2015-04-03 13:20 - 2015-04-03 13:20 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2015-04-03 13:20 - 2015-04-03 13:20 - 00000000 ____D () C:\Users\Maw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2015-04-03 13:20 - 2015-04-03 13:20 - 00000000 ____D () C:\Program Files\Reason
2015-04-03 12:30 - 2015-04-03 12:30 - 00000079 _____ () C:\Windows\wininit.ini
2015-04-02 23:16 - 2015-04-03 14:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-02 21:34 - 2015-04-03 13:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-02 21:34 - 2015-04-02 21:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-03 19:04 - 2010-02-22 04:48 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 18:56 - 2010-02-22 04:48 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 18:50 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 18:50 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 18:36 - 2013-03-10 14:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-03 14:53 - 2010-02-22 01:21 - 01936203 ____N () C:\Windows\WindowsUpdate.log
2015-04-03 14:51 - 2010-03-29 22:28 - 00000300 _____ () C:\Windows\Tasks\RtlVistaStart.job
2015-04-03 14:50 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 14:49 - 2011-01-15 23:36 - 00000000 ____D () C:\Program Files\MyWebSearch
2015-04-03 14:49 - 2006-11-02 08:01 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-03 14:49 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\SchCache
2015-04-03 14:43 - 2012-07-24 16:48 - 00000000 ____D () C:\Windows\Minidump
2015-04-03 14:43 - 2011-11-12 12:52 - 00000000 ____D () C:\Users\Maw\AppData\Local\iMesh
2015-04-03 14:43 - 2008-02-18 20:31 - 00000000 ____D () C:\Windows\Panther
2015-04-03 14:08 - 2008-02-18 21:27 - 00000000 ____D () C:\DOCS
2015-04-03 13:02 - 2010-02-22 04:47 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-04-03 12:46 - 2011-07-18 21:18 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-04-03 09:10 - 2010-02-23 16:22 - 00442218 _____ () C:\aaw7boot.log
2015-04-03 00:08 - 2006-11-02 05:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 00:04 - 2011-07-27 19:06 - 00000064 _____ () C:\Windows\system32\rp_stats.dat
2015-04-03 00:04 - 2011-07-27 19:06 - 00000044 _____ () C:\Windows\system32\rp_rules.dat
2015-04-03 00:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-03 00:03 - 2013-06-14 00:47 - 00000000 ____D () C:\Users\Guest
2015-04-03 00:03 - 2010-02-22 04:14 - 00000000 ____D () C:\Users\Maw
2015-04-03 00:03 - 2006-11-02 05:22 - 38273024 _____ () C:\Windows\system32\config\software_previous
2015-04-03 00:03 - 2006-11-02 05:22 - 24903680 _____ () C:\Windows\system32\config\components_previous
2015-04-03 00:03 - 2006-11-02 05:22 - 17039360 _____ () C:\Windows\system32\config\system_previous
2015-04-03 00:03 - 2006-11-02 05:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
2015-04-03 00:03 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-03 00:03 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-03 00:02 - 2013-07-22 21:40 - 00000000 ____D () C:\Program Files\SearchProtect
2015-04-03 00:02 - 2011-07-18 20:32 - 00000000 ____D () C:\Program Files\Object
2015-04-03 00:02 - 2010-02-22 04:14 - 00000000 ___RD () C:\Users\Maw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-03 00:02 - 2010-02-22 04:14 - 00000000 ___RD () C:\Users\Maw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-03 00:02 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-03 00:01 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
==================== Files in the root of some directories =======
2013-03-23 23:17 - 2013-06-11 20:43 - 0000680 _____ () C:\Users\Maw\AppData\Local\d3d9caps.dat
2010-03-27 14:57 - 2011-11-12 17:35 - 0005632 _____ () C:\Users\Maw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-03 14:56
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Maw at 2015-04-03 19:35:09
Running from E:\Anti Virus
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Enabled - Out of date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.0.301.4 - ALPS ELECTRIC CO., LTD)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros)
AVG 2011 (Version: 10.0.422 - AVG Technologies) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.01 - TOSHIBA)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
Facetheme (HKLM\...\facetheme) (Version: 1.0 - facetheme.com)
GearDrvs (Version: 1 - Symantec Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GT Legends 1.1.0.0 (HKLM\...\{1064CABD-7390-4336-94E4-8A53DFBCB636}_is1) (Version: v1.1.0.0 - 10tacle Studios Publishing)
iMesh (HKLM\...\iMesh) (Version: 11.0.0.117532 - iMesh Inc.) <==== ATTENTION
iMesh (Version: 11.0.0.117532 - iMesh Inc.) Hidden <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java(TM) 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Memeo AutoBackup (HKLM\...\InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}) (Version: 3.00.3023 - Memeo Inc)
Memeo AutoBackup (Version: 3.00.3023 - Memeo Inc) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MX vs ATV Unleashed (HKLM\...\{BBE18EBD-CD44-4C51-8BC5-577ECCCEC68F}) (Version: 1.00.0000 - THQ)
Norton 360 (Version: 1.2.0.10 - Symantec Corporation) Hidden
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
REALTEK USB Wireless LAN Driver and Utility (HKLM\...\{BE686891-3C56-4714-AFEF-341A7867BA80}) (Version: 1.00.0000 - Realtek)
RingtoneJunkiez Desktop (HKLM\...\{DD1E51DF-C3C0-400C-A0D7-C67DB49C9D9C}) (Version: 1.0.0 - RingtoneJunkiez)
Should I Remove It (HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
ToggleEN Toolbar (HKLM\...\ToggleEN Toolbar) (Version: - )
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1a - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)
TOSHIBA Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.43 - WildTangent)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - )
Utility Common Driver (Version: 0.0.50.7C - TOSHIBA) Hidden
Verizon Mobile Broadband Drivers (HKLM\...\{F19553C5-F843-4C27-BF9F-9DE4D901B895}) (Version: 3.02.002.002 - Novatel Wireless)
Verizon Wireless USB760 Firmware Updates (HKLM\...\{CAC2CF93-B532-4A88-81FE-110750C3E4BA}) (Version: 1.0.5 - Smith Micro Software, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VZAccess Manager (HKLM\...\{780F9A1C-6BFE-4691-83A9-095D859E3052}) (Version: 7.3.13.1 - Smith Micro Software Inc.)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
YouTube Downloader 3.2 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: - BienneSoft)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
23-09-2014 20:50:16 Scheduled Checkpoint
02-04-2015 23:54:33 Restore Operation
03-04-2015 12:33:42 Removed YTD Toolbar v9.7.
03-04-2015 13:00:59 Removed Ad-Aware
03-04-2015 13:18:48 Installed Should I Remove It
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {5519DAF5-3F90-42FF-8737-AB4B4DA18E01} - System32\Tasks\{8F5C7512-9B10-4DC2-90B6-C0B2CF0AF88C} => pcalua.exe -a "C:\Program Files\Object\facetheme_uninstall.exe"
Task: {59751292-7560-4D56-86AF-858E3FCEB00C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {66394899-386E-4F6F-9F31-38DFF6D77475} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {7B52D1F1-C3B9-44C3-A9A3-E9A09E181CD0} - System32\Tasks\RtlVistaStart => C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2007-05-18] (Realtek Semiconductor Corp.)
Task: {A3C7DD39-E4A7-4C32-A165-9E5F8B4396C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-22] (Google Inc.)
Task: {BB41D9D4-BB92-4A56-8296-7181ACDFE85B} - System32\Tasks\{B4771BB4-CE2E-4C68-8ACE-5897C66344DE} => pcalua.exe -a "C:\Program Files\Shop To Win\unins000.exe"
Task: {BEF6CEAC-E36E-40C4-8703-E48E8DFD8164} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-22] (Google Inc.)
Task: {C5259668-85BA-413D-A012-D0BB3D075A80} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C52DD3BE-60C0-4C75-9127-C056C35424E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {D7D99B32-BD9B-4394-8DB4-FB6F003FF126} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlVistaStart.job => C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
==================== Loaded Modules (whitelisted) ==============
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-02-18 21:56 - 2007-01-25 21:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe
2015-04-03 14:21 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-03 14:21 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-03 14:21 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-03 14:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-03 14:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2008-02-18 21:56 - 2007-10-23 19:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2007-09-13 18:11 - 2007-09-13 18:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2010-03-29 22:27 - 2006-10-26 22:30 - 00131072 ____R () C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\EnumDevLib.dll
2007-12-15 00:28 - 2007-12-15 00:28 - 04726784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2007-12-15 00:40 - 2007-12-15 00:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-02-18 21:45 - 2006-10-10 14:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 15:03 - 2007-12-25 15:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 14:57 - 2006-10-07 14:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-11-06 20:14 - 2006-11-06 20:14 - 00034352 _____ () C:\Program Files\Toshiba\Utilities\KeNotify.exe
2008-02-20 14:49 - 2008-01-29 19:00 - 00430080 _____ () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Guest\Downloads\College Confusions!.eml:OECustomProperty
AlternateDataStreams: C:\Users\Maw\Downloads\001.MPG:TOC.WMV
AlternateDataStreams: C:\Users\Maw\Downloads\014.MPG:TOC.WMV
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Maw\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-1429988088-2614088774-4062952998-500 - Administrator - Disabled)
Guest (S-1-5-21-1429988088-2614088774-4062952998-501 - Limited - Enabled) => C:\Users\Guest
Maw (S-1-5-21-1429988088-2614088774-4062952998-1000 - Administrator - Enabled) => C:\Users\Maw
==================== Faulty Device Manager Devices =============
Name: isatap.{2AEC04D0-B614-4007-A92E-DEEECAB81577}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: isatap.{2AEC04D0-B614-4007-A92E-DEEECAB81577}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (04/03/2015 07:34:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/03/2015 07:34:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/03/2015 07:34:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/03/2015 07:34:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/03/2015 07:34:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/03/2015 07:34:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/03/2015 07:34:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/03/2015 07:33:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/03/2015 06:51:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/03/2015 06:51:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
System errors:
=============
Error: (04/03/2015 02:51:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd
Error: (04/03/2015 02:51:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (04/03/2015 02:50:15 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (04/03/2015 02:48:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
Error: (04/03/2015 02:23:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Scanner Service%%1053
Error: (04/03/2015 02:23:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Scanner Service
Error: (04/03/2015 02:22:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Scanner Service%%1053
Error: (04/03/2015 02:22:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Scanner Service
Error: (04/03/2015 01:29:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd
Error: (04/03/2015 01:29:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect by Conduit Service%%3
Microsoft Office Sessions:
=========================
Error: (05/27/2013 06:21:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11865 seconds with 1080 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-04-03 19:35:01.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-03 19:35:01.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-03 19:35:01.695
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-03 19:35:01.648
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-03 19:35:01.429
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-03 19:35:01.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-03 19:35:01.336
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-03 19:35:01.289
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-03 19:34:41.711
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-03 19:34:41.664
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 86%
Total physical RAM: 1013.69 MB
Available physical RAM: 132.83 MB
Total Pagefile: 2291.71 MB
Available Pagefile: 1037.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.8 MB
==================== Drives ================================
Drive c: (SQ004680V03) (Fixed) (Total:110.32 GB) (Free:40.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (STORE N GO) (Removable) (Total:7.45 GB) (Free:7.34 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: C91789AE)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=110.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 4F166DC1)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)
==================== End Of Log ============================

Juliet
2015-04-10, 11:25
Please go to Add/Remove Programs and uninstall/delete all items listed for iMesh


Running from E:\Anti Virus

It's best we move Farbar's to desktop.

Please go to E:\Anti Virus folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use Wordpad* or any text editor other than Notepad, or the script will fail. Copy and paste the text inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window and save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
ProxyServer: [S-1-5-21-1429988088-2614088774-4062952998-1000] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
URLSearchHook: HKLM - (No Name) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=221&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=221&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2524319
SearchScopes: HKLM -> {EDF89D28-51C9-4B25-87C3-3899F4478D7E} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> DefaultScope {752A806D-D501-4CF6-97B3-8DA01F8691EB} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> {14BB9D08-33C2-447F-A4F5-57D486880FCE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> {752A806D-D501-4CF6-97B3-8DA01F8691EB} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: No Name -> {038cb5c7-48ea-4af9-94e0-a1646542e62b} -> No File
BHO: No Name -> {f2257711-226b-4529-8e1d-e82e1c55ebd8} -> No File
Toolbar: HKLM - No Name - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
Toolbar: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> No Name - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No File
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
CHR HKLM\...\Chrome\Extension: [ghbhbgnpgkhbpdidkbgbhlmolppnglog] - C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx [2013-06-17]
CHR HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ghbhbgnpgkhbpdidkbgbhlmolppnglog] - C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx [2013-06-17]
C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx
2015-04-03 13:20 - 2015-04-03 13:20 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2015-04-03 14:49 - 2011-01-15 23:36 - 00000000 ____D () C:\Program Files\MyWebSearch
2015-04-03 00:02 - 2013-07-22 21:40 - 00000000 ____D () C:\Program Files\SearchProtect
iMesh (HKLM\...\iMesh) (Version: 11.0.0.117532 - iMesh Inc.) <==== ATTENTION
iMesh (Version: 11.0.0.117532 - iMesh Inc.) Hidden <==== ATTENTION
AlternateDataStreams: C:\Users\Guest\Downloads\College Confusions!.eml:OECustomProperty
AlternateDataStreams: C:\Users\Maw\Downloads\001.MPG:TOC.WMV
AlternateDataStreams: C:\Users\Maw\Downloads\014.MPG:TOC.WMV
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.


Please post these 2 logs when finished.

PeteJC21PJC
2015-04-11, 02:04
Vista machine still has the problem. It will connect to the local wifi but it only allows LOCAL access and internet access is not allowed.

Thank you for your help. Sincerely, Pete

Here are the logs:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Maw at 2015-04-10 18:10:58 Run:1
Running from C:\Users\Maw\Desktop
Loaded Profiles: Maw (Available profiles: Maw & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
ProxyServer: [S-1-5-21-1429988088-2614088774-4062952998-1000] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
URLSearchHook: HKLM - (No Name) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=221&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=221&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2524319
SearchScopes: HKLM -> {EDF89D28-51C9-4B25-87C3-3899F4478D7E} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> DefaultScope {752A806D-D501-4CF6-97B3-8DA01F8691EB} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> {14BB9D08-33C2-447F-A4F5-57D486880FCE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> {752A806D-D501-4CF6-97B3-8DA01F8691EB} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: No Name -> {038cb5c7-48ea-4af9-94e0-a1646542e62b} -> No File
BHO: No Name -> {f2257711-226b-4529-8e1d-e82e1c55ebd8} -> No File
Toolbar: HKLM - No Name - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
Toolbar: HKU\S-1-5-21-1429988088-2614088774-4062952998-1000 -> No Name - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No File
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
CHR HKLM\...\Chrome\Extension: [ghbhbgnpgkhbpdidkbgbhlmolppnglog] - C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx [2013-06-17]
CHR HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ghbhbgnpgkhbpdidkbgbhlmolppnglog] - C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx [2013-06-17]
C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx
2015-04-03 13:20 - 2015-04-03 13:20 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2015-04-03 14:49 - 2011-01-15 23:36 - 00000000 ____D () C:\Program Files\MyWebSearch
2015-04-03 00:02 - 2013-07-22 21:40 - 00000000 ____D () C:\Program Files\SearchProtect
iMesh (HKLM\...\iMesh) (Version: 11.0.0.117532 - iMesh Inc.) <==== ATTENTION
iMesh (Version: 11.0.0.117532 - iMesh Inc.) Hidden <==== ATTENTION
AlternateDataStreams: C:\Users\Guest\Downloads\College Confusions!.eml:OECustomProperty
AlternateDataStreams: C:\Users\Maw\Downloads\001.MPG:TOC.WMV
AlternateDataStreams: C:\Users\Maw\Downloads\014.MPG:TOC.WMV
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{038cb5c7-48ea-4af9-94e0-a1646542e62b} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDF89D28-51C9-4B25-87C3-3899F4478D7E}" => Key deleted successfully.
HKCR\CLSID\{EDF89D28-51C9-4B25-87C3-3899F4478D7E} => Key not found.
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{14BB9D08-33C2-447F-A4F5-57D486880FCE}" => Key deleted successfully.
HKCR\CLSID\{14BB9D08-33C2-447F-A4F5-57D486880FCE} => Key not found.
"HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{752A806D-D501-4CF6-97B3-8DA01F8691EB}" => Key deleted successfully.
HKCR\CLSID\{752A806D-D501-4CF6-97B3-8DA01F8691EB} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}" => Key deleted successfully.
HKCR\CLSID\{038cb5c7-48ea-4af9-94e0-a1646542e62b} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f2257711-226b-4529-8e1d-e82e1c55ebd8}" => Key deleted successfully.
HKCR\CLSID\{f2257711-226b-4529-8e1d-e82e1c55ebd8} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{038cb5c7-48ea-4af9-94e0-a1646542e62b} => value deleted successfully.
HKCR\CLSID\{038cb5c7-48ea-4af9-94e0-a1646542e62b} => Key not found.
HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{038CB5C7-48EA-4AF9-94E0-A1646542E62B} => value deleted successfully.
HKCR\CLSID\{038CB5C7-48EA-4AF9-94E0-A1646542E62B} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ghbhbgnpgkhbpdidkbgbhlmolppnglog" => Key deleted successfully.
C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx => Moved successfully.
"HKU\S-1-5-21-1429988088-2614088774-4062952998-1000\SOFTWARE\Google\Chrome\Extensions\ghbhbgnpgkhbpdidkbgbhlmolppnglog" => Key deleted successfully.
"C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx" => File/Directory not found.
"C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx" => File/Directory not found.
C:\Windows\system32\AI_RecycleBin => Moved successfully.
C:\Program Files\MyWebSearch => Moved successfully.
C:\Program Files\SearchProtect => Moved successfully.
iMesh (HKLM\...\iMesh) (Version: 11.0.0.117532 - iMesh Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Guest\Downloads\College Confusions!.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Maw\Downloads\001.MPG => ":TOC.WMV" ADS removed successfully.
C:\Users\Maw\Downloads\014.MPG => ":TOC.WMV" ADS removed successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ipv4 reset =========
Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.
========= End of CMD: =========
========= netsh int ipv6 reset =========
Reseting Echo Request, OK!
A reboot is required to complete this action.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
0 out of 0 jobs canceled.
========= End of CMD: =========
EmptyTemp: => Removed 16.1 MB temporary data.
The system needed a reboot.
==== End of Fixlog 18:13:00 ====

LOG Number 2:
# AdwCleaner v4.200 - Logfile created 10/04/2015 at 18:41:33
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Local]
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (x86)
# Username : Maw - MAW-PC
# Running from : C:\Users\Maw\Desktop\adwcleaner_4.200.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Object
Folder Deleted : C:\Program Files\ToggleEN
Folder Deleted : C:\Program Files\Common Files\FreeCause
Folder Deleted : C:\Windows\system32\SearchProtect
Folder Deleted : C:\Users\Maw\AppData\Local\PackageAware
Folder Deleted : C:\Users\Maw\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Maw\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\Maw\AppData\LocalLow\ToggleEN
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2077543
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2524319
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\ToggleEN
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\FocusInteractive
Key Deleted : HKLM\SOFTWARE\Fun Web Products
Key Deleted : HKLM\SOFTWARE\MyWebSearch
Key Deleted : HKLM\SOFTWARE\ToggleEN
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleEN Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6EFDBA50-4ABE-4194-86F7-F3BD0A011F5B}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facetheme
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ToggleEN Toolbar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v7.0.6001.18444
-\\ Google Chrome v36.0.1985.143
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Default_Search_Provider_Data] :
[C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
[C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=221&systemid=1&sr=0&q={searchTerms}
[C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN26741975452684011&ctid=CT3297955&UM=2
[C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Maw\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Default_Search_Provider_Data] :
*************************
AdwCleaner[R0].txt - [56551 bytes] - [10/04/2015 18:31:02]
AdwCleaner[S0].txt - [11261 bytes] - [10/04/2015 18:41:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11321 bytes] ##########

Juliet
2015-04-11, 02:39
Sounds like a firewall is blocking internet access.

If you temporarily turn off security can you connect?

If you drop into safe mode with networking can you connect to the internet then?


Let's see if you turn off your router/DSL connection for a couple of minutes
Turn it back on and let all lights blink and reset
Then try internet access again?


~~~~~~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


please post
JRT.txt

PeteJC21PJC
2015-04-11, 04:56
Turned off everything I knew to turn off using product options. Then went to MSCONFIG and turned off services and changed start up to remove protection services and anything else that wasn't required. Kept a few things that web searches said were not a problem or required. Rebooted. Still no access. Went to network connection page and allowed system to troubleshoot connection and reset addresses. Troubleshoot process gave up. Reset modem/router (even though other devices use same connection). Connection results are the same. Downloaded (using other machine and flashdrive) and ran JRT from desktop of Vista machine. Rebooted the machine again after JRT ran and it still acts the same. It acts the same way the Windows 8 machine we fixed was acting before we fixed it. I'm posting from another Toshiba laptop using the same wifi network connection.

JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Maw on Fri 04/10/2015 at 21:36:37.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Maw\Local Settings\Application Data\cre"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/10/2015 at 21:38:38.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2015-04-11, 12:20
Can you check Device Manager to see if there are any yellow exclamation marks by network card?
http://pcsupport.about.com/od/windowsvista/f/opendmvista.htm
May need to uninstall, reboot and let it be installed again.

Click on the Start button and in the search box, type Command Prompt
When you see Command Prompt on the list, right-click on it and select Run as administrator
When command prompt opens, copy and paste the following command into it, press enter

netsh winsock reset

reboot
~~~~~~~~~~~~~~~~
check the below link
https://support.microsoft.com/en-us/kb/299357

PeteJC21PJC
2015-04-11, 18:57
Under network adapters there are two identical entries for isatap with the same address. They both have !. When I look at their properties they are exactly the same. They were last updated or their versions are from 2006. 6.0.6000.16386. I've attached JPGs of the images from paint. I'm tempted to delete them and to try to find the updated driver so I can transfer it via flash drive to the internet blocked laptop. I'll search for the driver and await further instructions since I'm not sure how to do that exactly and would be guessing my way through the install/update. I'm gaining confidence as I type but I'm not sure if that's good or bad. LOL.

I did the reset and reboot before I checked the drivers.

Juliet
2015-04-11, 20:45
It says your network adapter isn't working.
The below links show how to reset adapters.

http://windows.microsoft.com/en-us/windows-vista/troubleshoot-network-adapter-problems
Troubleshoot network adapter problems

How do I fix network adapter problems?
http://windows.microsoft.com/en-us/windows/fix-network-adapter-problems#1TC=windows-7

Let's see if this can help.

System File Checker tool
http://pcsupport.about.com/od/toolsofthetrade/ht/sfc-scannow.htm

PeteJC21PJC
2015-04-11, 20:52
Since the same one is there twice, should I delete one?

Juliet
2015-04-11, 21:22
You can then reboot. In theory windows will replace it.

PeteJC21PJC
2015-04-12, 16:58
Starting research found this:

SYMPTOMS

On a Windows Vista-based computer or on a Windows Server 2008-based computer, the Microsoft ISATAP adapter appears with a yellow exclamation mark (!) next to it in Device Manager. Additionally, when you open the properties dialog box for the device, you receive an error message that resembles the following:
Windows cannot load driver (Code 31)

RESOLUTION

You can safely ignore this error message. This error message does not indicate a problem with the adapter. The adapter will continue to work correctly.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

The Microsoft ISATAP device Inter Site Automatic Tunneling Address Protocol is used to help enterprises transition to an IPv6 infrastructure. The ISATAP adapter encapsulates IPv6 packets by using an IPv4 header. This functionality enables the client to transport IPv6 traffic over an IPv4 infrastructure. This approach lets organizations slowly migrate to an IPv6 infrastructure without having to spend excessive time and financial resources to convert to the new infrastructure.

Continuing research.......

PeteJC21PJC
2015-04-12, 20:02
After additional research, some fiddling and no good results:

I have used a network cable to connect directly to the router bypassing the need for a WIFI connection. Updates on this Vista machine have been shut down since 2006. I turned them back on and it's currently installing 68 updates. Once fully updated I'll start the debug over again, unless it all suddenly works via wifi! I'll update again later. Thanks!

Juliet
2015-04-12, 23:03
Let's see what the updates can do for us.

PeteJC21PJC
2015-04-13, 14:17
Problem corrected:
Actually the updates were turned off in 2010 not 2006. After all the updates were completed, after three of four reboots, the problem still existed. At that point, since I had internet access through the cable, I went through the device manager and allowed the system to search for new network adapter drivers. It found new drivers and once they were updated the problems were corrected. I can now access the internet through the WIFI connection or through the direct wire network cable.

Thanks so much for all your help with both machines! Sincerely, Pete

Juliet
2015-04-13, 19:48
It's all good news to my ears!

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.


Please run a free online scan with the ESET Online Scanner

US Link: http://www.eset.com/us/online-scanner/
EU Link: http://www.eset.eu/online-scanner/

Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Under "Current Scan Targets" > click "change" and ensure all your drives are selected
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Attach the log as a reply to your next reply.
Close the ESET online scan, and let me know how things are now.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PeteJC21PJC
2015-04-18, 06:58
C:\FRST\Quarantine\C\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx.xBAD a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Users\Maw\Downloads\FrostWireInstaller (1).exe Win32/FreeInstaller potentially unwanted application
C:\Users\Maw\Downloads\FrostWireInstaller.exe Win32/FreeInstaller potentially unwanted application
C:\Users\Maw\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
C:\Users\Maw\Downloads\YouTubeDownloaderSetup32.exe a variant of Win32/Toolbar.Widgi potentially unwanted application

Juliet
2015-04-18, 12:25
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CreateRestorePoint:
CloseProcesses:
C:\Users\Maw\Downloads\FrostWireInstaller (1).exe
C:\Users\Maw\Downloads\FrostWireInstaller.exe
C:\Users\Maw\Downloads\iMeshV11.exe
C:\Users\Maw\Downloads\YouTubeDownloaderSetup32.exe
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Please post this log in your next reply.

How is the computer now?

PeteJC21PJC
2015-04-18, 18:15
Here is the LOG:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-04-2015 01
Ran by Maw at 2015-04-18 10:40:05 Run:2
Running from C:\Users\Maw\Desktop
Loaded Profiles: Maw (Available profiles: Maw & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Maw\Downloads\FrostWireInstaller (1).exe
C:\Users\Maw\Downloads\FrostWireInstaller.exe
C:\Users\Maw\Downloads\iMeshV11.exe
C:\Users\Maw\Downloads\YouTubeDownloaderSetup32.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Maw\Downloads\FrostWireInstaller (1).exe => Moved successfully.
C:\Users\Maw\Downloads\FrostWireInstaller.exe => Moved successfully.
C:\Users\Maw\Downloads\iMeshV11.exe => Moved successfully.
C:\Users\Maw\Downloads\YouTubeDownloaderSetup32.exe => Moved successfully.
EmptyTemp: => Removed 63.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:56:31 ====

WIFI internet access remains corrected and functional. This seems to have been corrected when I got fresh drivers.
I couldn't run the ESET online tool until I upgraded the memory from 1 GIG to 2 GIG. (That's why I didn't get back sooner)
I had manually deleted the things that this last scan found but the scan cleaned up the leftovers.
With the WIFI fixed, auto-updates restored after being turned off in 2010, crap removed, memory upgrade, new keyboard ($14) this is suddenly like a brand new laptop.
Thank you so much for your wonderful help!
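
An added example, not part of the original posts and not FRST's own code: a Python check that cross-references the "Content of fixlist" echo in a Fixlog against its `=>` outcome lines, so entries that were skipped, already absent, or not fixable stand out. The function names and the four result buckets are this example's assumptions; the sample text is copied from the two Fixlogs in this thread.

```python
import re

# Sample input copied from this thread: the fixlist echo and outcome lines of
# the second Fixlog, followed by three outcome lines from the first Fixlog.
FIXLOG = r"""Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Maw\Downloads\FrostWireInstaller (1).exe
C:\Users\Maw\Downloads\FrostWireInstaller.exe
C:\Users\Maw\Downloads\iMeshV11.exe
C:\Users\Maw\Downloads\YouTubeDownloaderSetup32.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Maw\Downloads\FrostWireInstaller (1).exe => Moved successfully.
C:\Users\Maw\Downloads\FrostWireInstaller.exe => Moved successfully.
C:\Users\Maw\Downloads\iMeshV11.exe => Moved successfully.
C:\Users\Maw\Downloads\YouTubeDownloaderSetup32.exe => Moved successfully.
EmptyTemp: => Removed 63.8 MB temporary data.
iMesh (HKLM\...\iMesh) (Version: 11.0.0.117532 - iMesh Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
"C:\Users\Maw\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx" => File/Directory not found.
HKCR\CLSID\{038CB5C7-48EA-4AF9-94E0-A1646542E62B} => Key not found.
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # fixlist entries that name a file or folder


def parse_fixlog(text):
    """Return (paths requested in the fixlist echo, [(target, result), ...])."""
    requested, outcomes = [], []
    seen_header = in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Content of fixlist"):
            seen_header = True
            continue
        if seen_header and line and set(line) == {"*"}:
            # The echo sits between two rows of asterisks.
            in_fixlist = not in_fixlist
            if not in_fixlist:
                seen_header = False
            continue
        if in_fixlist:
            if DRIVE_PATH.match(line):
                requested.append(line)
            continue
        if " => " in line:
            # Split on the last arrow: some targets carry "<==== ATTENTION".
            target, _, result = line.rpartition(" => ")
            outcomes.append((target.strip().strip('"'), result.strip()))
    return requested, outcomes


def classify(result):
    """Bucket an outcome string (buckets are this example's own choice)."""
    low = result.lower()
    if low.startswith("error"):
        return "needs_review"
    if "not found" in low:
        return "absent"
    if "successfully" in low or low.startswith("removed"):
        return "done"
    return "needs_review"


def audit(text):
    """Group outcomes and list fixlist paths that have no outcome line."""
    requested, outcomes = parse_fixlog(text)
    report = {"done": [], "absent": [], "needs_review": [], "unreported": []}
    for target, result in outcomes:
        report[classify(result)].append(target)
    reported = {target.lower() for target, _ in outcomes}
    report["unreported"] = [p for p in requested if p.lower() not in reported]
    return report


if __name__ == "__main__":
    for bucket, targets in audit(FIXLOG).items():
        print(f"{bucket}: {len(targets)}")
        for target in targets:
            print(f"  {target}")
```

Anything in `needs_review` or `unreported` is worth raising with the helper before tools such as DelFix remove the logs.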

Juliet
2015-04-18, 21:10
It's like music to my ears, thank you too!

DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Reset system settings


Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

PeteJC21PJC
2015-04-18, 21:41
Thanks Juliet, I think we can count this one as completed!

# DelFix v10.8 - Logfile created 18/04/2015 at 14:38:38
# Updated 29/07/2014 by Xplode
# Username : Maw - MAW-PC
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Maw\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.0.0.44_03.04.2015_13.35.24_log.txt
Deleted : C:\Users\Maw\Desktop\adwcleaner_4.200.exe
Deleted : C:\Users\Maw\Desktop\Fixlog.txt
Deleted : C:\Users\Maw\Desktop\FRST.exe
Deleted : C:\Users\Maw\Desktop\JRT.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Resetting system settings ... OK

########## - EOF - ##########

Juliet
2015-04-19, 12:29
We're glad to help :)

Juliet
2015-04-22, 12:02
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.