please help me again... [Archive] - Safer-Networking Forums

View Full Version : please help me again...

rcb56

2015-12-07, 13:14

i'm sorry to be back for help, but i don't know what else to do. you have always helped me here or pointed me in the right way. friday i was turning my pc off and it prompted me to download windows 10 free version so i clicked remind me later and close, but it wouldn't close. i used task mgr. to close it and it stayed open. i was in a rush to catch my train so i just had to turn my pc off and leave. i get back and it on and it takes forever. to open anything, mozilla firefox takes forever. the first of these tools took two attemps and the last taking 15 minutes. i barely got tweaking.com installed. my gmail or any website to open takes maybe two minutes. i've seen no programs i don't recognize so maybe these scans will. thanks so much for looking when you can. i tried to open my archived thread but it was locked.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Dad (administrator) on BRIDGES1 (07-12-2015 05:35:52)
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available Profiles: Dad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\RunOnce: [BeginInteractiveOSUpgrade] => C:\Windows\system32\wuauclt.exe [140288 2015-09-25] (Microsoft Corporation)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{440503AB-407B-43DA-935F-1F9130836AB2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{440503AB-407B-43DA-935F-1F9130836AB2}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856047040083056&GUID=2898A9C5-0087-45E1-BF0F-3ADBA845B00A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856047040103057&GUID=2898A9C5-0087-45E1-BF0F-3ADBA845B00A
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856047040103057&GUID=2898A9C5-0087-45E1-BF0F-3ADBA845B00A
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856047040093057&GUID=2898A9C5-0087-45E1-BF0F-3ADBA845B00A
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: file - No CLSID Value
Handler: local - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396
FF NewTab: www.google.com
FF DefaultSearchEngine: Yahoo Search!
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.2:
FF SelectedSearchEngine: google search
FF Homepage: hxxp://www.msn.com/
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-dg-rhb-32__alt__ddc_dss_bd_com&p={searchTerms}
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-12-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-12-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js [2015-08-09]
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-18] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2011-11-14] (Affinegy, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Users\Dad\Desktop\bin\cleanhlp64.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-07 05:35 - 2015-12-07 05:36 - 00014244 _____ C:\Users\Dad\Desktop\FRST.txt
2015-12-07 05:31 - 2015-12-07 05:34 - 02369024 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2015-12-07 05:28 - 2015-12-07 05:34 - 05198336 _____ (AVAST Software) C:\Users\Dad\Desktop\aswMBR.exe
2015-12-07 05:14 - 2015-12-07 05:14 - 00014978 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2015-12-07 05:14 - 2015-12-07 05:14 - 00002242 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-12-07 04:54 - 2015-12-07 05:14 - 04777232 _____ (Tweaking.com) C:\Users\Dad\Desktop\tweaking.com_registry_backup_setup.exe
2015-12-07 00:14 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-12-07 00:14 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-12-07 00:14 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-12-01 14:28 - 2015-12-01 14:29 - 00000000 ____D C:\Users\Dad\AppData\Local\{95336201-45EC-49E5-8857-62C0534AB500}
2015-11-08 02:15 - 2015-11-08 02:15 - 00000000 ____D C:\Users\Dad\AppData\Local\{AB3D6716-F18F-4E10-9000-5015D30997AD}
2015-11-08 02:14 - 2015-11-08 02:14 - 00000000 ____D C:\Users\Dad\AppData\Local\{3822CEDF-92FD-4F16-8951-FF1EE829A96D}
2015-11-08 02:06 - 2015-11-09 11:31 - 00000000 ____D C:\Users\Dad\Desktop\New folder (2)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-07 05:35 - 2015-04-27 09:04 - 00000000 ____D C:\FRST
2015-12-07 05:34 - 2013-01-04 20:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-07 05:14 - 2007-07-11 19:48 - 00000000 ____D C:\Windows
2015-12-07 04:43 - 2014-08-22 20:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-07 03:12 - 2013-08-16 02:00 - 00000000 ____D C:\Windows\system32\MRT
2015-12-07 03:08 - 2012-03-30 20:51 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-07 03:02 - 2012-04-05 11:30 - 00775586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-07 03:02 - 2009-07-13 23:13 - 00775586 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-07 03:02 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-07 03:01 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-07 02:39 - 2015-08-08 07:39 - 00000392 _____ C:\Windows\Tasks\DataFront.job
2015-12-07 01:34 - 2014-02-11 16:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-07 01:29 - 2014-02-11 16:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-07 01:29 - 2013-01-04 20:52 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-07 00:46 - 2014-08-22 20:33 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-07 00:46 - 2014-08-22 20:33 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-07 00:46 - 2014-08-22 20:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-07 00:06 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-07 00:06 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-06 23:53 - 2015-08-09 08:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-06 23:51 - 2014-02-09 16:47 - 19543552 ___SH C:\Users\Dad\Desktop\Thumbs.db
2015-12-06 23:50 - 2012-03-29 11:32 - 00000000 ____D C:\Users\Dad
2015-12-06 23:50 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-06 23:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-06 23:47 - 2015-10-20 14:21 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-06 23:47 - 2015-05-18 01:10 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2015-12-06 23:47 - 2015-04-29 21:31 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-06 23:47 - 2014-01-10 23:00 - 00000000 ____D C:\Program Files (x86)\Paltalk Messenger
2015-12-06 23:47 - 2013-07-07 09:31 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Dropbox
2015-12-06 23:47 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-12-06 23:47 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-06 23:46 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-12-06 23:45 - 2013-08-07 09:19 - 00000000 ___RD C:\Users\Dad\Dropbox
2015-12-04 01:28 - 2007-07-11 19:49 - 00000000 ____D C:\Windows\Panther
2015-12-04 01:25 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-02 23:23 - 2014-12-04 13:31 - 00000000 ____D C:\Users\Dad\Documents\Audio Recorder for Free
2015-12-02 14:56 - 2015-05-07 16:14 - 00000000 ____D C:\Users\Dad\Downloads\lockfile
2015-12-02 08:08 - 2012-03-29 13:13 - 00000000 ____D C:\Users\Dad\AppData\Local\ElevatedDiagnostics
2015-12-01 12:42 - 2012-03-29 12:09 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-11-12 09:35 - 2014-08-22 14:37 - 00000000 ____D C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-11-09 08:03 - 2014-08-18 21:48 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\Company
2015-11-09 07:46 - 2015-08-09 08:17 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-09 07:46 - 2014-10-16 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-09 07:46 - 2014-10-16 10:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-08 18:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-09-08 19:53 - 2015-09-08 19:57 - 0030208 ___SH () C:\Users\Dad\AppData\Roaming\Thumbs.db
2013-08-07 06:12 - 2014-11-16 00:53 - 0001181 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.1.txt
2013-08-07 06:12 - 2014-03-30 11:59 - 0000919 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.2.txt
2013-08-07 06:12 - 2014-03-29 18:54 - 0001181 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.3.txt
2013-08-07 06:12 - 2013-08-07 06:34 - 0000919 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.4.txt
2013-08-07 06:12 - 2013-08-07 06:12 - 0001181 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.5.txt
2013-08-07 06:12 - 2014-12-02 18:47 - 0000919 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.txt
2013-08-07 06:12 - 2014-12-02 18:47 - 0000000 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2012-05-12 15:58 - 2012-05-12 15:58 - 0024597 _____ () C:\Users\Dad\AppData\Roaming\UserTile.png
2014-09-01 02:18 - 2014-09-01 02:18 - 0001248 _____ () C:\Users\Dad\AppData\Roaming\UZNYUL
2014-02-13 10:52 - 2015-02-03 09:23 - 0000136 _____ () C:\Users\Dad\AppData\Roaming\WB.CFG
2014-09-01 02:18 - 2014-09-01 02:18 - 0002086 _____ () C:\Users\Dad\AppData\Roaming\WTPQZFD
2015-04-14 22:43 - 2015-04-14 22:43 - 0385602 _____ () C:\Users\Dad\AppData\Local\5DEA8E28_stp.CIS
2015-04-14 22:43 - 2015-04-14 22:43 - 0000204 _____ () C:\Users\Dad\AppData\Local\5DEA8E28_stp.CIS.part
2012-04-14 21:46 - 2015-09-02 03:20 - 0135680 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 22:37 - 2015-02-03 09:24 - 0000010 _____ () C:\Users\Dad\AppData\Local\DSI.DAT
2012-08-18 05:51 - 2015-04-28 06:15 - 0027486 _____ () C:\Users\Dad\AppData\Local\HWVendorDetection.log
2013-01-10 08:07 - 2013-01-10 08:07 - 0000866 _____ () C:\Users\Dad\AppData\Local\recently-used.xbel
2012-07-16 06:22 - 2015-07-02 13:25 - 0007669 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2015-05-05 15:42 - 2015-05-07 16:13 - 0000700 ___SH () C:\Users\Dad\AppData\Local\systemFL7.dat
2012-03-29 12:09 - 2012-03-29 12:09 - 0017408 _____ () C:\Users\Dad\AppData\Local\WebpageIcons.db
2015-09-19 11:43 - 2015-09-19 11:43 - 0000000 _____ () C:\Users\Dad\AppData\Local\{5AB25B4F-5297-4C81-9E38-79FB86AF6283}
2015-09-18 11:43 - 2015-09-18 11:43 - 0000000 _____ () C:\Users\Dad\AppData\Local\{6B8D2950-B7CD-47EB-A0CA-0B0E1B4803C7}
2012-11-19 02:10 - 2012-11-19 02:10 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph8z9dm.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-02 05:32

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Dad (2015-12-07 05:36:24)
Running from C:\Users\Dad\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-29 17:32:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2107755742-302254199-1763176924-500 - Administrator - Disabled)
Dad (S-1-5-21-2107755742-302254199-1763176924-1001 - Administrator - Enabled) => C:\Users\Dad
Guest (S-1-5-21-2107755742-302254199-1763176924-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2107755742-302254199-1763176924-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Spybot - Search and Destroy (Disabled - Out of date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe PDF ePub DRM Removal 4.7.1 (HKLM-x32\...\{C9DD56CA-BAE9-452A-AFE9-834C7770D1A3}) (Version: 4.7.1 - EPUBSOFT)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audio Recorder for Free v12.9.8 (HKLM-x32\...\Audio Recorder for Free_is1) (Version: - Copyright(C) 2006-2012 AudioToolMedia Software.)
BEHRINGER UFX 1394 Drivers v6.11.0.0 (HKLM-x32\...\BEHRINGER UFX 1394 Drivers v6.11.0.0) (Version: 6.11.0.0 - BEHRINGER)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version: - )
Best Buy pc app (Version: 3.3.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - )
Canon MP160 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
Dropbox (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dwyco CDC-X version 2.11 (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Dwyco CDC-X_is1) (Version: 2.11 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KaraFun Player 2 (HKLM-x32\...\KaraFun Player 2_is1) (Version: 2.2.6.223 - Recisio)
Karaoke Builder Player 3.0 (HKLM-x32\...\Karaoke Builder Player 3.0) (Version: - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paltalk Ad Remover 4.0 (HKLM-x32\...\Paltalk Ad Remover_is1) (Version: - The Anubis Group (T.A.G.))
Paltalk Messenger 11.6 (HKLM-x32\...\Paltalk Messenger) (Version: 11.6.607.17218 - AVM Software Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.4 - Tweaking.com)
VisioForge Video Capture SDK Delphi Redist (x32 Version: 6.2.0.2 - VisioForge) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3504 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Restore Points =========================

29-04-2015 20:59:53 Windows Update
29-04-2015 21:16:43 Windows Update
30-04-2015 02:00:48 Windows Update
01-05-2015 00:26:36 Removed Java 8 Update 31
01-05-2015 01:43:48 Tweaking.com - Windows Repair
01-05-2015 16:38:17 Restore Operation
03-05-2015 11:57:59 Windows Update
03-05-2015 12:02:06 Device Driver Package Install: Microsoft Universal Serial Bus controllers
06-05-2015 09:58:04 Installed Samsung Kies3
07-05-2015 00:20:02 Windows Update
13-05-2015 10:33:44 Windows Update
14-05-2015 02:00:26 Windows Update
16-05-2015 02:00:44 Windows Update
16-05-2015 10:17:44 Windows Update
17-05-2015 23:01:52 Restore Operation
17-05-2015 23:42:09 Windows Update
18-05-2015 02:00:31 Windows Update
19-05-2015 02:00:10 Windows Update
20-05-2015 02:00:10 Windows Update
21-05-2015 23:42:49 Removed Google Talk Plugin
29-05-2015 11:00:18 Windows Update
01-06-2015 12:35:21 Windows Update
04-06-2015 01:59:45 Restore Operation
04-06-2015 02:16:10 Windows Update
10-06-2015 02:00:18 Windows Update
14-06-2015 14:49:22 Windows Update
14-06-2015 18:00:07 Windows Backup
21-06-2015 18:00:16 Windows Backup
28-06-2015 18:00:13 Windows Backup
02-07-2015 11:33:01 Windows Update
05-07-2015 18:00:22 Windows Backup
07-07-2015 07:37:05 Windows Update
14-07-2015 23:00:02 Scheduled Checkpoint
22-07-2015 23:00:01 Scheduled Checkpoint
02-08-2015 15:30:47 Windows Update
03-08-2015 02:00:15 Windows Update
03-08-2015 05:08:41 Removed Java 8 Update 51
06-08-2015 03:34:30 Windows Update
09-08-2015 06:45:09 Windows Update
12-08-2015 09:09:57 Windows Update
13-08-2015 02:00:22 Windows Update
17-08-2015 02:55:32 Windows Update
24-08-2015 23:00:01 Scheduled Checkpoint
31-08-2015 23:00:02 Scheduled Checkpoint
01-09-2015 11:43:32 Windows Update
02-09-2015 02:00:11 Windows Update
05-09-2015 05:15:36 Windows Update
12-09-2015 23:00:01 Scheduled Checkpoint
20-09-2015 23:00:03 Scheduled Checkpoint
28-09-2015 23:00:00 Scheduled Checkpoint
02-10-2015 02:00:27 Windows Update
20-10-2015 14:07:53 Windows Update
20-10-2015 19:36:32 Revo Uninstaller's restore point - Freemake Video Converter version 3.1.0
21-10-2015 02:00:28 Windows Update
28-10-2015 23:00:00 Scheduled Checkpoint
02-11-2015 14:12:21 Windows Update
05-11-2015 15:33:22 Windows Update
08-11-2015 23:08:31 Windows Update
01-12-2015 12:55:51 Windows Update
02-12-2015 03:00:13 Windows Update
04-12-2015 00:57:24 Windows Update
07-12-2015 00:01:43 Windows Update
07-12-2015 03:00:12 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-02-04 10:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006FE9D1-DEC6-44C4-9076-5934D25FCD6C} - System32\Tasks\DataFront => c:\programdata\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).exe <==== ATTENTION
Task: {09EEC63B-21B8-4656-86A9-CCDD9C10A77F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {346B439C-CE11-4CE0-B14C-D2FD4E18F124} - System32\Tasks\{1DD8B5E2-C122-4D1F-9758-9B0F5D4479E4} => pcalua.exe -a "C:\Users\Dad\Desktop\My Documents\mp160win64111ea23.exe" -d "C:\Users\Dad\Desktop\My Documents"
Task: {35E50A07-EC32-4024-AA11-31B368248FEE} - System32\Tasks\{D6BB3A59-B46C-4DDF-85E3-A7CC61C4B4CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {3CD9F767-3594-4327-B21E-BE3E78C49122} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001Core => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10] (Dropbox, Inc.)
Task: {490D819C-47D5-456C-A5EB-EEFBD6B58C82} - System32\Tasks\{62ACF029-05DB-43E9-B5E0-E093E965ED01} => C:\Program Files (x86)\Paltalk Messenger\paltalk.exe [2015-04-21] (AVM Software Inc.)
Task: {57F10B8A-E6DC-41AF-836F-3D3323A974EC} - System32\Tasks\{8438242B-619B-42CD-9AD1-2D389FF75225} => C:\Program Files (x86)\Paltalk Messenger\paltalk.exe [2015-04-21] (AVM Software Inc.)
Task: {65FBC813-8ECD-4300-99D3-4822AFCDAFE9} - System32\Tasks\{F2D720B6-011A-46ED-9209-2320052E5916} => pcalua.exe -a C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE -c /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG
Task: {892BAF73-A76B-48C2-AFBA-602B7E41BF23} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001UA => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10] (Dropbox, Inc.)
Task: {8C25C726-0EDD-419C-ABAE-AB81DD4A8954} - System32\Tasks\{DF80F471-10C4-4247-BCB7-5B67BA005FD2} => pcalua.exe -a C:\Users\Dad\Desktop\ts_webcam.exe -d C:\Users\Dad\Desktop
Task: {8D943107-6A50-440B-8E05-7B77AD0A1BEB} - System32\Tasks\{D9E1C870-B7E8-4995-8A98-D579504F6B41} => C:\Program Files (x86)\Paltalk Messenger\paltalk.exe [2015-04-21] (AVM Software Inc.)
Task: {97E3E010-59DA-473B-B514-EE2C8559EF8B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AE3C4923-DF05-46BF-9F7D-71972FD7EF73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-07] (Adobe Systems Incorporated)
Task: {B0C3D0A2-E90E-41D9-A2AA-D31480DA3178} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {B8D04CC6-6343-45C9-B405-F55D65E7D99C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {CE4612D6-865E-46E6-A8C8-E78BF08ACC3D} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
Task: {E6392F7E-8094-4810-A3A2-612265F0F48F} - System32\Tasks\{F126331D-C6F2-47BE-94F5-C17820994183} => pcalua.exe -a "C:\Program Files (x86)\NCH Software\Recordpad\uninst.exe"
Task: {ED36A8FB-B1CF-421E-8C67-F352A7A69286} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {EFF37384-E9B7-4970-81C0-B4E865C7DE81} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {F4FE48D0-691E-474D-9BF8-E1EE2DC18853} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {FF5AE516-004E-406B-8236-DF11EE525F5D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DataFront.job => c:\programdata\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001Core.job => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001UA.job => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-03 05:12 - 2015-08-03 05:12 - 00019040 _____ () C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2native.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123simsen.com -> www.123simsen.com

There are 7863 more sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Behringer UFX 1394 Control Panel.lnk => C:\Windows\pss\Behringer UFX 1394 Control Panel.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Google Update => "C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Dad\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstaLAN => "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: smoother => C:\Users\Dad\AppData\Roaming\Booster-Web\Booster-Web-Installer.exe
MSCONFIG\startupreg: SoftonicAssistant => "C:\Users\Dad\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{712D7705-28BD-444D-BB14-5C08AACD5F01}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{25510813-0968-4D57-BADB-1614F2A92B15}] => (Allow) LPort=2869
FirewallRules: [{5F1AFC8C-6B84-4793-86F5-52029CD4189E}] => (Allow) LPort=1900
FirewallRules: [{A687E5CE-0A6E-4268-AFA0-7509E2AB6F25}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3E6FC240-35CB-4367-971D-76F632AE4C1F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{458FF205-4A97-49FB-AB17-2C16B022C60D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [TCP Query User{B48A3653-063C-4BC6-9E97-F38F05A37958}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{29FD2029-71D3-48E8-9A43-DAB6570B0073}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{24B25CDC-08A1-4E14-B1DF-B7DC664138F1}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{CF2BC875-58A7-415E-A772-9CA44888D394}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{97F933F3-EC17-427B-8EBB-7F2D7A6D1CE1}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{E6E34D32-678E-4AE5-ACA1-6201219331F1}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{FE719458-9E14-4060-855E-9B16B652E79C}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{C729B18C-1248-4143-988D-C2F09B9245C3}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{7F3BAE04-783C-4EC4-A1D9-84B2328AD2F3}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{7D117006-121E-44D7-B8BD-0E9940813790}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2DE2F26-58C2-4E6F-B81E-A14D40EA6438}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4B19791-A9CE-47CD-B264-7747FE49518A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C403502F-E4EB-4619-9427-96A11B58CB6D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2C4C24F7-5407-4E4A-815A-FA6792CE86FF}] => (Allow) C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CC7FCCAA-A7D3-4B92-9FAA-0BF793787466}] => (Allow) C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{4E9D1ED0-3352-49AE-B03F-E0D61A926463}C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3799D7BD-ED7E-417E-AC3A-D58D4BCC5F9C}C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{00FA12F1-DAD8-4C07-9208-596945587D51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7CF7ECB-94EB-4CA3-9A5E-67955BF062B0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0FF1312A-2580-4B26-8D5A-DB0969DA2781}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{A2879CD7-982F-4A67-AF96-452BFA8A845E}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [UDP Query User{A233DB83-0FF4-43B0-A9C7-799A646CAD4D}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [{D8D967FB-F64F-4D82-B01A-FD01759A176F}] => (Block) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [{A647DBE1-C08B-4426-A9E9-E562C5D96E07}] => (Block) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [TCP Query User{41C5339A-045B-4AAB-A3CB-52289801E44E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C23B3115-C863-4912-A619-7C08AD1BB5A5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FB7D92CC-BEDF-4801-88DA-6B986D77E6BE}] => (Allow) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
FirewallRules: [{F2B8BC9E-6FA4-4DD6-BE83-717D0277DF27}] => (Allow) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
FirewallRules: [{C2A80661-C2A7-4F50-BFDA-F7A739C6F652}] => (Allow) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
FirewallRules: [{9739FFE8-0C3A-4D89-A88A-B5002121B3FB}] => (Allow) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
FirewallRules: [{B7262FA6-148B-4409-BC62-F7592EBE592B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CADE55D-9590-4686-ABAB-7FB7317CC262}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2372B3DA-DE89-4891-834E-880A59C6E54A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D05AA06-A396-4473-A973-14E77DA3C076}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{132F19EC-9F7C-4FAD-A8E6-62D8A8153D69}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Teredo Tunneling Adapter #2
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2015 12:01:17 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/06/2015 11:51:19 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=B7C}
The client was unable to connect to an Application Virtualization Server (rc 24600F0A-10000001)

Error: (12/06/2015 11:51:19 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=B7C}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7162.5003.sft' (rc 24600F0A-10000001, original rc 24600F0A-10000001).

Error: (12/06/2015 11:50:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2015 11:42:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2015 11:07:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2015 03:22:28 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (12/04/2015 01:21:49 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe AIR -- Error 1606. Could not access network location (computed).

Error: (12/04/2015 01:21:49 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe AIR -- Error 1606. Could not access network location (computed).

Error: (12/04/2015 12:49:51 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe AIR -- Error 1606. Could not access network location (computed).

System errors:
=============
Error: (12/07/2015 12:04:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 115.26.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/07/2015 12:04:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.211.1747.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/07/2015 12:04:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.211.1747.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/07/2015 12:03:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.211.1747.0

Update Source: %NT AUTHORITY59

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/06/2015 11:51:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (12/06/2015 11:51:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (12/06/2015 11:51:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/06/2015 11:50:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (12/06/2015 11:50:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (12/06/2015 11:50:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

CodeIntegrity:
===================================
Date: 2015-02-04 10:01:31.601
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-04 10:01:31.585
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 72%
Total physical RAM: 6048.28 MB
Available physical RAM: 1651.18 MB
Total Virtual: 12094.76 MB
Available Virtual: 7826.21 MB

==================== Drives ================================

Drive b: (Gateway) (RAMDisk) (Total:918.41 GB) (Free:385.67 GB) NTFS
Drive c: (Gateway) (Fixed) (Total:918.41 GB) (Free:379.43 GB) NTFS
Drive d: (AppDrv1) (CDROM) (Total:2.6 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5D81C09C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-12-07 05:38:12
-----------------------------
05:38:12.407 OS Version: Windows x64 6.1.7601 Service Pack 1
05:38:12.407 Number of processors: 4 586 0x2A07
05:38:12.408 ComputerName: BRIDGES1 UserName: Dad
05:38:13.594 Initialize success
05:38:13.705 VM: initialized successfully
05:38:13.705 VM: Intel CPU supported
05:38:22.732 VM: supported disk I/O iaStor.sys
05:40:15.225 AVAST engine defs: 15120600
05:40:54.341 The log file has been saved successfully to "C:\Users\Dad\Desktop\aswMBR.txt"

when i try running spybot i am prompted to uninstall older which gives me an error message file "C:\ProgramFiles(x86)\Spybot - Search&Destroy 2\inins000.msg" is missing. correct or obtain a new copy of the program

Juliet

2015-12-07, 23:05

when i try running spybot i am prompted to uninstall older which gives me an error message file "C:\ProgramFiles(x86)\Spybot - Search&Destroy 2\inins000.msg" is missing. correct or obtain a new copy of the program
Do you have an outdated version?

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856047040083056&GUID=2898A9C5-0087-45E1-BF0F-3ADBA845B00A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: file - No CLSID Value
Handler: local - No CLSID Value
FF DefaultSearchEngine: Yahoo Search!
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-dg-rhb-32__alt__ddc_dss_bd_com&p={searchTerms}
FF user.js: detected! => C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js [2015-08-09]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Users\Dad\Desktop\bin\cleanhlp64.sys [X]
C:\Users\Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph8z9dm.dll
Task: {006FE9D1-DEC6-44C4-9076-5934D25FCD6C} - System32\Tasks\DataFront => c:\programdata\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).exe <==== ATTENTION
Task: C:\Windows\Tasks\DataFront.job => c:\programdata\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).exe <==== ATTENTION
2014-09-01 02:18 - 2014-09-01 02:18 - 0001248 _____ () C:\Users\Dad\AppData\Roaming\UZNYUL
2014-09-01 02:18 - 2014-09-01 02:18 - 0002086 _____ () C:\Users\Dad\AppData\Roaming\WTPQZFD
EmptyTemp:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~~~~
please post
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt

rcb56

2015-12-08, 15:46

ok i better ask before i go further...about spybot, i guess i have the older from the last time plus spybot 2. some time after i was here before i noticed them there and just deleted the icon from my desktop. that was all i did though and when i tried, uninstall through the programs in control panel would fail. also did i post a result using word pad? i always use note pad as it is simpler to me, i'm not sure if i even have word pad.

last night i started doing what you suggested using FRST/FRST64 and the fix in it and i got a prompt, but the prompt said something about using the program and unsure about it the program will now close...with ok and cancel, i clicked ok and the program quit. also spybot tried to install again but the error reappeared. is that where the Fixlog.txt you asked for? if so never gave a result. after running the adware cleaner, in the results i saw nothing familiar i was to keep, instead it all was all unknown to me. i cleaned but it didn't produce a logfile. the quarantine shows the items, do you want to see that?...thanks again for your help...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by Dad (Administrator) on Mon 12/07/2015 at 21:03:36.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 52

Successfully deleted: C:\Users\Dad\AppData\Local\{01F9FF9C-336E-46A0-9408-C6C84F589F9D} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{119288B6-9B86-4A61-9AA1-7C6DDD734180} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{24C7846D-FC49-46AA-94E9-4BFD60943229} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{3822CEDF-92FD-4F16-8951-FF1EE829A96D} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{45D30B32-79DD-4B51-9B94-85A7FCC03326} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{49E50B1F-78AC-4D09-BDA0-8A7A8D189CBB} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{4A9219B3-2C07-40D1-8559-387FE75A3293} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{4AD15D15-CF6C-4A6A-AAB1-4566C849280B} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{4B813703-8996-455B-8FDB-B73DE6FB8555} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{52965A8B-E1DC-44AE-99ED-693DA105DB01} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{67A15605-225F-4352-B195-BD9794779880} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{76584554-CC0C-48DB-A855-18E1F07D4A2B} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{7B99D889-9D5D-4753-9B4A-DE27C0634762} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{8BC2DD54-EAD2-47A2-B134-4A3235A702FD} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{95336201-45EC-49E5-8857-62C0534AB500} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{A7386E06-72F4-4EAB-BEB8-AAAB91DD6308} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{AB3D6716-F18F-4E10-9000-5015D30997AD} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{AD663B6B-FF4D-429D-A244-CA76DF3FEF48} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{BA010973-676B-40A3-8AC7-188D933281B1} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{BA0C4BC5-0CE6-42E4-ACFB-F6235F9B0C03} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{BA3FEFD8-6D14-46CD-A967-9CDC4026BCFD} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{C733AED7-4DB3-49C5-AC6E-D5CED3549420} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{CA837038-630A-4A31-BDBE-61CBC575EEEA} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{D21A8864-874E-42F9-8108-15EACA3342B7} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{F1CED313-5E69-4ACA-B339-3F833D542193} (Empty Folder)
Successfully deleted: C:\Users\Dad\AppData\Local\{F537649B-6111-4205-9011-F9332F977C05} (Empty Folder)
Successfully deleted: C:\Users\Dad\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\extensions\staged (Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Windows\SysWOW64\REN17D3.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN17D4.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN17D5.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN532E.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN532F.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN533F.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN56C.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN56D.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN56E.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN8381.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN8382.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN8383.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENC35E.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENC35F.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENC360.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REND4AC.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REND4AD.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REND4BE.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENFB10.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENFB11.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho8360.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoC956.tmp (File)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/07/2015 at 21:05:23.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet

2015-12-08, 16:03

i noticed them there and just deleted the icon from my desktop. that was all i did though and when i tried, uninstall through the programs in control panel would fail. also did i post a result using word pad? i always use note pad as it is simpler to me, i'm not sure if i even have word pad.

I don't see wordpad used, if you can, notepad is what we want.

About SpyBot, I think the tool is corrupted now. What we can do to ensure a problem free version is to allow me to remove all services and program files so that you can attempt to download and install again.
We'll do this in a bit.

last night i started doing what you suggested using FRST/FRST64 and the fix in it and i got a prompt, but the prompt said something about using the program and unsure about it the program will now close...with ok and cancel, i clicked ok and the program quit.
I think we're going to have to run FRST again, I think the question you saw was something standard as to an update being made but I'm not sure.

So let's try that again.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856047040083056&GUID=2898A9C5-0087-45E1-BF0F-3ADBA845B00A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: file - No CLSID Value
Handler: local - No CLSID Value
FF DefaultSearchEngine: Yahoo Search!
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-dg-rhb-32__alt__ddc_dss_bd_com&p={searchTerms}
FF user.js: detected! => C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js [2015-08-09]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Users\Dad\Desktop\bin\cleanhlp64.sys [X]
C:\Users\Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph8z9dm.dll
Task: {006FE9D1-DEC6-44C4-9076-5934D25FCD6C} - System32\Tasks\DataFront => c:\programdata\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).exe <==== ATTENTION
Task: C:\Windows\Tasks\DataFront.job => c:\programdata\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).exe <==== ATTENTION
2014-09-01 02:18 - 2014-09-01 02:18 - 0001248 _____ () C:\Users\Dad\AppData\Roaming\UZNYUL
2014-09-01 02:18 - 2014-09-01 02:18 - 0002086 _____ () C:\Users\Dad\AppData\Roaming\WTPQZFD
EmptyTemp:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

after running the adware cleaner, in the results i saw nothing familiar i was to keep, instead it all was all unknown to me. i cleaned but it didn't produce a logfile. the quarantine shows the items, do you want to see that?

yes

rcb56

2015-12-08, 19:26

ok juliet, first i apologize! i was on a long train trip this last weekend and my little brain is still in recovery. duh...it just hit me as i read this to c & p what YOU showed in that box and save as fixtxt. :rolleyes: (insert smiley slapping smiley here) so...here is the Fixlogtxt., and the adware quarantine.

this time the fix ran and took a bit, but then prompted a restart and once rebooted, spybot tried to install and as it took a minute it looked like it was going to i got the error message again! i looked and both were still listed in my start menu, but in control panel uninstall only spybot is still there, spybot 2 is gone from uninstall.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Dad (2015-12-08 12:08:29) Run:1
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available Profiles: Dad)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856047040083056&GUID=2898A9C5-0087-45E1-BF0F-3ADBA845B00A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: file - No CLSID Value
Handler: local - No CLSID Value
FF DefaultSearchEngine: Yahoo Search!
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-dg-rhb-32__alt__ddc_dss_bd_com&p={searchTerms}
FF user.js: detected! => C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js [2015-08-09]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Users\Dad\Desktop\bin\cleanhlp64.sys [X]
C:\Users\Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph8z9dm.dll
Task: {006FE9D1-DEC6-44C4-9076-5934D25FCD6C} - System32\Tasks\DataFront => c:\programdata\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).exe <==== ATTENTION
Task: C:\Windows\Tasks\DataFront.job => c:\programdata\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).exe <==== ATTENTION
2014-09-01 02:18 - 2014-09-01 02:18 - 0001248 _____ () C:\Users\Dad\AppData\Roaming\UZNYUL
2014-09-01 02:18 - 2014-09-01 02:18 - 0002086 _____ () C:\Users\Dad\AppData\Roaming\WTPQZFD
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"DropboxExt1"" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"DropboxExt2"" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"DropboxExt3"" => key removed successfully
HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"DropboxExt4"" => key removed successfully
HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"DropboxExt5"" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"DropboxExt6"" => key removed successfully
HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"DropboxExt7"" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"DropboxExt8"" => key removed successfully
HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2107755742-302254199-1763176924-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKCR\PROTOCOLS\Handler\file" => key removed successfully
"HKCR\PROTOCOLS\Handler\local" => key removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox "Keyword.URL" removed successfully
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js => moved successfully
catchme => service removed successfully
cleanhlp => service removed successfully
"C:\Users\Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph8z9dm.dll" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{006FE9D1-DEC6-44C4-9076-5934D25FCD6C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{006FE9D1-DEC6-44C4-9076-5934D25FCD6C}" => key removed successfully
C:\Windows\System32\Tasks\DataFront => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DataFront" => key removed successfully
C:\Windows\Tasks\DataFront.job => moved successfully
C:\Users\Dad\AppData\Roaming\UZNYUL => moved successfully
C:\Users\Dad\AppData\Roaming\WTPQZFD => moved successfully
EmptyTemp: => 1.5 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 12:10:34 ====

# AdwCleaner - Quarantine restoration
# 08/12/2015 - 08:37:23

File Restored : C:\Program Files (x86)\CutTuhePriice\CutTuhePriice.dat
File Restored : C:\ProgramData\Reimage Protector\cfl.rei
File Restored : C:\ProgramData\Reimage Protector\Results\ProtectorPackage.log
File Restored : C:\ProgramData\Reimage Protector\Results\ProtectorUpdater.log
File Restored : C:\ProgramData\Winferno\RegPowerClean\results.rcs
File Restored : C:\ProgramData\BoostSoftware\PCSpeedBoost\pcsb105-514r.exe
File Restored : C:\ProgramData\BoostSoftware\PCSpeedBoost\ApplicationData\PCSB\cfg.dat
File Restored : C:\ProgramData\BoostSoftware\PCSpeedBoost\ApplicationData\PCSB\prev_errs.dat
File Restored : C:\ProgramData\BoostSoftware\PCSpeedBoost\ApplicationData\PCSB\systemInfo.dat
File Restored : C:\ProgramData\BoostSoftware\PCSpeedBoost\ApplicationData\PCSB\user_session.dat
File Restored : C:\ProgramData\Avg_Update_1014av\avg-secure-search.xml
File Restored : C:\ProgramData\Avg_Update_1014av\configuration_avg.xml
File Restored : C:\ProgramData\Avg_Update_1014av\configuration_nation.xml
File Restored : C:\ProgramData\Avg_Update_1014av\configuration_safeguard.xml
File Restored : C:\ProgramData\Avg_Update_1014av\DSP
File Restored : C:\ProgramData\Avg_Update_1014av\FireFoxSearchXml_avg.tmp
File Restored : C:\ProgramData\Avg_Update_1014av\FireFoxSearchXml_nation.tmp
File Restored : C:\ProgramData\Avg_Update_1014av\FireFoxSearchXml_safeguard.tmp
File Restored : C:\ProgramData\Avg_Update_1014av\safeguard-secure-search.xml
File Restored : C:\ProgramData\{050f5308-75c9-2afc-050f-f530875c4c21}\6182124ed4278b1b
File Restored : C:\ProgramData\{050f5308-75c9-2afc-050f-f530875c4c21}\ac7fb41bf3f36ccf
File Restored : C:\ProgramData\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).dat
File Restored : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec\1.0b beta\Uninstall.lnk
File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\avg-secure-search.xml
File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\configuration_avg.xml
File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\configuration_nation.xml
File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\configuration_safeguard.xml
File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\DSP
File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\FireFoxSearchXml_avg.tmp
File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\FireFoxSearchXml_nation.tmp
File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\FireFoxSearchXml_safeguard.tmp
File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\safeguard-secure-search.xml
File Restored : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\user.js
File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\user.js

##### EOF #####

Juliet

2015-12-08, 20:14

If you go into the control panel for add/remove programs, go ahead and remove the uninstall f ro Spybot. There are to many bits and pieces of it lingering for it to install correctly.

OK.
You restored the bad files from quarantine that were held in the AdwCleaner - Quarantine.

We need to do this over.
~~~

Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.

Then click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

Tell me what the computer is doing now.

rcb56

2015-12-08, 22:41

ok juliet, thanks but the uninstall in control panel acts like it's uninstalling...it runs a second then i get that error still. it did finally remove them both from my start menu. not sure if that helps.
i ran adware again as you directed and it found more of the unusual stuff i didn't recognize. the first run, i deleted all that was in the quarantine report, i just didn't get a log after that. i saw it had the quarantine and luckily that showed, but that stuff was suppose to have been cleaned. this is what i found in it just now i don't recognize.

my pc is running a lot faster...like 10 x faster. i bookmarked safer here and just clicked open in new tab and when i got 6000 counting...1000, 2000...like that it was open. yesterday it may have ran for 2 minutes. i've been clicking in the address bar to highlight the address and hitting enter to try and refresh the load. it may open after that and may keep loading. also i clicked on the link to tweaking d'load and d'loaded it again. i opened my d'load window and it's already there. yesterday it'd took 5 minutes or more. also the scroll is far more active and precise than it was.

i just see that adware after the reboot did the same thing...no log. here is the quarantine list...i have not deleted these and waiting for you to say it's ok.e they all look foreign.

# AdwCleaner - Quarantine restoration
# 08/12/2015 - 15:37:15

! Error ! : # AdwCleaner - Quarantine restoration
! Error ! : # 08/12/2015 - 08:37:23
! Error ! :
! Error ! : File Restored : C:\Program Files (x86)\CutTuhePriice\CutTuhePriice.dat
! Error ! : File Restored : C:\ProgramData\Reimage Protector\cfl.rei
! Error ! : File Restored : C:\ProgramData\Reimage Protector\Results\ProtectorPackage.log
! Error ! : File Restored : C:\ProgramData\Reimage Protector\Results\ProtectorUpdater.log
! Error ! : File Restored : C:\ProgramData\Winferno\RegPowerClean\results.rcs
! Error ! : File Restored : C:\ProgramData\BoostSoftware\PCSpeedBoost\pcsb105-514r.exe
! Error ! : File Restored : C:\ProgramData\BoostSoftware\PCSpeedBoost\ApplicationData\PCSB\cfg.dat
! Error ! : File Restored : C:\ProgramData\BoostSoftware\PCSpeedBoost\ApplicationData\PCSB\prev_errs.dat
! Error ! : File Restored : C:\ProgramData\BoostSoftware\PCSpeedBoost\ApplicationData\PCSB\systemInfo.dat
! Error ! : File Restored : C:\ProgramData\BoostSoftware\PCSpeedBoost\ApplicationData\PCSB\user_session.dat
! Error ! : File Restored : C:\ProgramData\Avg_Update_1014av\avg-secure-search.xml
! Error ! : File Restored : C:\ProgramData\Avg_Update_1014av\configuration_avg.xml
! Error ! : File Restored : C:\ProgramData\Avg_Update_1014av\configuration_nation.xml
! Error ! : File Restored : C:\ProgramData\Avg_Update_1014av\configuration_safeguard.xml
! Error ! : File Restored : C:\ProgramData\Avg_Update_1014av\DSP
! Error ! : File Restored : C:\ProgramData\Avg_Update_1014av\FireFoxSearchXml_avg.tmp
! Error ! : File Restored : C:\ProgramData\Avg_Update_1014av\FireFoxSearchXml_nation.tmp
! Error ! : File Restored : C:\ProgramData\Avg_Update_1014av\FireFoxSearchXml_safeguard.tmp
! Error ! : File Restored : C:\ProgramData\Avg_Update_1014av\safeguard-secure-search.xml
! Error ! : File Restored : C:\ProgramData\{050f5308-75c9-2afc-050f-f530875c4c21}\6182124ed4278b1b
! Error ! : File Restored : C:\ProgramData\{050f5308-75c9-2afc-050f-f530875c4c21}\ac7fb41bf3f36ccf
! Error ! : File Restored : C:\ProgramData\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).dat
! Error ! : File Restored : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec\1.0b beta\Uninstall.lnk
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\avg-secure-search.xml
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\configuration_avg.xml
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\configuration_nation.xml
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\configuration_safeguard.xml
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\DSP
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\FireFoxSearchXml_avg.tmp
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\FireFoxSearchXml_nation.tmp
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\FireFoxSearchXml_safeguard.tmp
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Avg_Update_1014av\safeguard-secure-search.xml
! Error ! : File Restored : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\user.js
! Error ! : File Restored : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\user.js
! Error ! :
! Error ! : ##### EOF #####

##### EOF #####

rcb56

2015-12-08, 23:08

well well! i was looking as you told me in uninstaller and didn't know i still had revo pro and revo uninstaller. i tried pro which p[rompted a code to buy. i tried revo and it ran. i selected spybot and uninstall and revo nailed it. there were two files left it would delete in the reboot and they are. i tried and the new 1.6.2 installed and opened and i'm waiting to tell me anything to do.

Juliet

2015-12-09, 00:17

We're getting crossed up on the instructions for AdwCleaner. When you run the scan. it finishes. then next click on Clean.
It will empty quarantine when it's uninstalled/deleted no need for you to do that.

If you still have errors I want you to

Open AdwCleaner, one of the buttons will say uninstall/delete?, click on that please.

~~~~~~~~~~~

my pc is running a lot faster...like 10 x faster
Music to my ears!!

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

rcb56

2015-12-09, 03:08

ok juliet, i ran eset as you said and here are 9 items from eset...i assume you mean in your directions after the scan to select uninstall on exit? ?Place a checkmark next to and click only thing i saw to check and did so, but still have the program open if i need to change it...

C:\FRST\Quarantine\C\Users\Dad\AppData\Roaming\UZNYUL.xBAD JS/Toolbar.Crossrider.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Dad\AppData\Roaming\WTPQZFD.xBAD JS/Toolbar.Crossrider.C potentially unwanted application
C:\Program Files (x86)\Paltalk Messenger\ApnOC.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi JS/BrowseFox.A potentially unwanted application
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi JS/BrowseFox.A potentially unwanted application
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi JS/BrowseFox.A potentially unwanted application
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi JS/BrowseFox.A potentially unwanted application
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi JS/BrowseFox.A potentially unwanted application
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi JS/BrowseFox.A potentially unwanted application

Juliet

2015-12-09, 12:42

You did good.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi
EmptyTemp:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Computer still good?

rcb56

2015-12-09, 16:17

it seems to still be running very good and fast. i have used msn as my homepage and has always been a little sticky. i think it's normal for some pages that have so much movement with ads and video and all. facebook links have become just terrible, loaded with ads? i guess is what makes them so unusable. i've clicked on links for news stories of some sort and it's like that website just tries to take over. i stay off those and as best i can tell i am running far, far better than when i got here!

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Dad (2015-12-09 08:55:24) Run:3
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available Profiles: Dad)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi => moved successfully
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\finliu9g.default-1430149019775\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi => moved successfully
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi => moved successfully
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h46m51x5.default-1342635577168\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi => moved successfully
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\extensions\{6a73aad1-9e46-4caf-881c-d86eda32b7be}.xpi => moved successfully
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\liblsxs9.default-1433184469752\extensions\{8e53fbee-7428-4787-9707-c45ae91d9a20}.xpi => moved successfully
EmptyTemp: => 397.7 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 08:56:07 ====

Juliet

2015-12-09, 20:40

For all those unwanted Ads banners, pop-ups and video ads - even on Facebook and YouTube, and other items that come pre-loaded on different web pages try ADBlock.
It's compatible for all web browsers and you will be surprise what it blocks out and it's free.

https://adblockplus.org/

**************************

Let's remove tools and quarantine folders now, you should be good to go.

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools

Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~~~~~`

Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP

The following programmes come highly recommended in the security community.

http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

rcb56

2015-12-10, 17:18

well ms. juliet i thank you very much! again! that's simply not enough for all you and safer-networking have done for me and all these others. it does seem that all is working normal and fine now. i ran delfix as told and am d'loading adblock as suggested, i guess this is my last post concerning this. thanks again and have a Merry Christmas and Happy New Year! :cool::heart::oreo:;):bigthumb::present::thanks::bighug::yahoo:

Juliet

2015-12-10, 22:07

You have a Merry Christmas and Happy New Year too!

We're glad to help :)

Juliet

2015-12-12, 13:16

Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.