please help me again...
i'm sorry to be back for help, but i don't know what else to do. you have always helped me here or pointed me in the right way. friday i was turning my pc off and it prompted me to download windows 10 free version so i clicked remind me later and close, but it wouldn't close. i used task mgr. to close it and it stayed open. i was in a rush to catch my train so i just had to turn my pc off and leave. i get back and it on and it takes forever. to open anything, mozilla firefox takes forever. the first of these tools took two attemps and the last taking 15 minutes. i barely got tweaking.com installed. my gmail or any website to open takes maybe two minutes. i've seen no programs i don't recognize so maybe these scans will. thanks so much for looking when you can. i tried to open my archived thread but it was locked.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Dad (administrator) on BRIDGES1 (07-12-2015 05:35:52)
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available Profiles: Dad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\RunOnce: [BeginInteractiveOSUpgrade] => C:\Windows\system32\wuauclt.exe [140288 2015-09-25] (Microsoft Corporation)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{440503AB-407B-43DA-935F-1F9130836AB2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{440503AB-407B-43DA-935F-1F9130836AB2}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856047040083056&GUID=2898A9C5-0087-45E1-BF0F-3ADBA845B00A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856047040103057&GUID=2898A9C5-0087-45E1-BF0F-3ADBA845B00A
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856047040103057&GUID=2898A9C5-0087-45E1-BF0F-3ADBA845B00A
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856047040093057&GUID=2898A9C5-0087-45E1-BF0F-3ADBA845B00A
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: file - No CLSID Value
Handler: local - No CLSID Value
FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396
FF NewTab: www.google.com
FF DefaultSearchEngine: Yahoo Search!
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.2:
FF SelectedSearchEngine: google search
FF Homepage: hxxp://www.msn.com/
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-dg-rhb-32__alt__ddc_dss_bd_com&p={searchTerms}
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-12-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-12-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\user.js [2015-08-09]
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-18] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2011-11-14] (Affinegy, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Users\Dad\Desktop\bin\cleanhlp64.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-07 05:35 - 2015-12-07 05:36 - 00014244 _____ C:\Users\Dad\Desktop\FRST.txt
2015-12-07 05:31 - 2015-12-07 05:34 - 02369024 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2015-12-07 05:28 - 2015-12-07 05:34 - 05198336 _____ (AVAST Software) C:\Users\Dad\Desktop\aswMBR.exe
2015-12-07 05:14 - 2015-12-07 05:14 - 00014978 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2015-12-07 05:14 - 2015-12-07 05:14 - 00002242 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-12-07 04:54 - 2015-12-07 05:14 - 04777232 _____ (Tweaking.com) C:\Users\Dad\Desktop\tweaking.com_registry_backup_setup.exe
2015-12-07 00:14 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-12-07 00:14 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-12-07 00:14 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-12-01 14:28 - 2015-12-01 14:29 - 00000000 ____D C:\Users\Dad\AppData\Local\{95336201-45EC-49E5-8857-62C0534AB500}
2015-11-08 02:15 - 2015-11-08 02:15 - 00000000 ____D C:\Users\Dad\AppData\Local\{AB3D6716-F18F-4E10-9000-5015D30997AD}
2015-11-08 02:14 - 2015-11-08 02:14 - 00000000 ____D C:\Users\Dad\AppData\Local\{3822CEDF-92FD-4F16-8951-FF1EE829A96D}
2015-11-08 02:06 - 2015-11-09 11:31 - 00000000 ____D C:\Users\Dad\Desktop\New folder (2)
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-07 05:35 - 2015-04-27 09:04 - 00000000 ____D C:\FRST
2015-12-07 05:34 - 2013-01-04 20:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-07 05:14 - 2007-07-11 19:48 - 00000000 ____D C:\Windows
2015-12-07 04:43 - 2014-08-22 20:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-07 03:12 - 2013-08-16 02:00 - 00000000 ____D C:\Windows\system32\MRT
2015-12-07 03:08 - 2012-03-30 20:51 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-07 03:02 - 2012-04-05 11:30 - 00775586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-07 03:02 - 2009-07-13 23:13 - 00775586 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-07 03:02 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-07 03:01 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-07 02:39 - 2015-08-08 07:39 - 00000392 _____ C:\Windows\Tasks\DataFront.job
2015-12-07 01:34 - 2014-02-11 16:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-07 01:29 - 2014-02-11 16:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-07 01:29 - 2013-01-04 20:52 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-07 00:46 - 2014-08-22 20:33 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-07 00:46 - 2014-08-22 20:33 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-07 00:46 - 2014-08-22 20:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-07 00:06 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-07 00:06 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-06 23:53 - 2015-08-09 08:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-06 23:51 - 2014-02-09 16:47 - 19543552 ___SH C:\Users\Dad\Desktop\Thumbs.db
2015-12-06 23:50 - 2012-03-29 11:32 - 00000000 ____D C:\Users\Dad
2015-12-06 23:50 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-06 23:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-06 23:47 - 2015-10-20 14:21 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-06 23:47 - 2015-05-18 01:10 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2015-12-06 23:47 - 2015-04-29 21:31 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-06 23:47 - 2014-01-10 23:00 - 00000000 ____D C:\Program Files (x86)\Paltalk Messenger
2015-12-06 23:47 - 2013-07-07 09:31 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Dropbox
2015-12-06 23:47 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-12-06 23:47 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-06 23:46 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-12-06 23:45 - 2013-08-07 09:19 - 00000000 ___RD C:\Users\Dad\Dropbox
2015-12-04 01:28 - 2007-07-11 19:49 - 00000000 ____D C:\Windows\Panther
2015-12-04 01:25 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-02 23:23 - 2014-12-04 13:31 - 00000000 ____D C:\Users\Dad\Documents\Audio Recorder for Free
2015-12-02 14:56 - 2015-05-07 16:14 - 00000000 ____D C:\Users\Dad\Downloads\lockfile
2015-12-02 08:08 - 2012-03-29 13:13 - 00000000 ____D C:\Users\Dad\AppData\Local\ElevatedDiagnostics
2015-12-01 12:42 - 2012-03-29 12:09 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-11-12 09:35 - 2014-08-22 14:37 - 00000000 ____D C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-11-09 08:03 - 2014-08-18 21:48 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\Company
2015-11-09 07:46 - 2015-08-09 08:17 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-09 07:46 - 2014-10-16 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-09 07:46 - 2014-10-16 10:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-08 18:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
==================== Files in the root of some directories =======
2015-09-08 19:53 - 2015-09-08 19:57 - 0030208 ___SH () C:\Users\Dad\AppData\Roaming\Thumbs.db
2013-08-07 06:12 - 2014-11-16 00:53 - 0001181 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.1.txt
2013-08-07 06:12 - 2014-03-30 11:59 - 0000919 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.2.txt
2013-08-07 06:12 - 2014-03-29 18:54 - 0001181 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.3.txt
2013-08-07 06:12 - 2013-08-07 06:34 - 0000919 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.4.txt
2013-08-07 06:12 - 2013-08-07 06:12 - 0001181 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.5.txt
2013-08-07 06:12 - 2014-12-02 18:47 - 0000919 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.txt
2013-08-07 06:12 - 2014-12-02 18:47 - 0000000 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2012-05-12 15:58 - 2012-05-12 15:58 - 0024597 _____ () C:\Users\Dad\AppData\Roaming\UserTile.png
2014-09-01 02:18 - 2014-09-01 02:18 - 0001248 _____ () C:\Users\Dad\AppData\Roaming\UZNYUL
2014-02-13 10:52 - 2015-02-03 09:23 - 0000136 _____ () C:\Users\Dad\AppData\Roaming\WB.CFG
2014-09-01 02:18 - 2014-09-01 02:18 - 0002086 _____ () C:\Users\Dad\AppData\Roaming\WTPQZFD
2015-04-14 22:43 - 2015-04-14 22:43 - 0385602 _____ () C:\Users\Dad\AppData\Local\5DEA8E28_stp.CIS
2015-04-14 22:43 - 2015-04-14 22:43 - 0000204 _____ () C:\Users\Dad\AppData\Local\5DEA8E28_stp.CIS.part
2012-04-14 21:46 - 2015-09-02 03:20 - 0135680 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 22:37 - 2015-02-03 09:24 - 0000010 _____ () C:\Users\Dad\AppData\Local\DSI.DAT
2012-08-18 05:51 - 2015-04-28 06:15 - 0027486 _____ () C:\Users\Dad\AppData\Local\HWVendorDetection.log
2013-01-10 08:07 - 2013-01-10 08:07 - 0000866 _____ () C:\Users\Dad\AppData\Local\recently-used.xbel
2012-07-16 06:22 - 2015-07-02 13:25 - 0007669 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2015-05-05 15:42 - 2015-05-07 16:13 - 0000700 ___SH () C:\Users\Dad\AppData\Local\systemFL7.dat
2012-03-29 12:09 - 2012-03-29 12:09 - 0017408 _____ () C:\Users\Dad\AppData\Local\WebpageIcons.db
2015-09-19 11:43 - 2015-09-19 11:43 - 0000000 _____ () C:\Users\Dad\AppData\Local\{5AB25B4F-5297-4C81-9E38-79FB86AF6283}
2015-09-18 11:43 - 2015-09-18 11:43 - 0000000 _____ () C:\Users\Dad\AppData\Local\{6B8D2950-B7CD-47EB-A0CA-0B0E1B4803C7}
2012-11-19 02:10 - 2012-11-19 02:10 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph8z9dm.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-02 05:32
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Dad (2015-12-07 05:36:24)
Running from C:\Users\Dad\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-29 17:32:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2107755742-302254199-1763176924-500 - Administrator - Disabled)
Dad (S-1-5-21-2107755742-302254199-1763176924-1001 - Administrator - Enabled) => C:\Users\Dad
Guest (S-1-5-21-2107755742-302254199-1763176924-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2107755742-302254199-1763176924-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Spybot - Search and Destroy (Disabled - Out of date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe PDF ePub DRM Removal 4.7.1 (HKLM-x32\...\{C9DD56CA-BAE9-452A-AFE9-834C7770D1A3}) (Version: 4.7.1 - EPUBSOFT)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audio Recorder for Free v12.9.8 (HKLM-x32\...\Audio Recorder for Free_is1) (Version: - Copyright(C) 2006-2012 AudioToolMedia Software.)
BEHRINGER UFX 1394 Drivers v6.11.0.0 (HKLM-x32\...\BEHRINGER UFX 1394 Drivers v6.11.0.0) (Version: 6.11.0.0 - BEHRINGER)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version: - )
Best Buy pc app (Version: 3.3.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - )
Canon MP160 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
Dropbox (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dwyco CDC-X version 2.11 (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Dwyco CDC-X_is1) (Version: 2.11 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KaraFun Player 2 (HKLM-x32\...\KaraFun Player 2_is1) (Version: 2.2.6.223 - Recisio)
Karaoke Builder Player 3.0 (HKLM-x32\...\Karaoke Builder Player 3.0) (Version: - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paltalk Ad Remover 4.0 (HKLM-x32\...\Paltalk Ad Remover_is1) (Version: - The Anubis Group (T.A.G.))
Paltalk Messenger 11.6 (HKLM-x32\...\Paltalk Messenger) (Version: 11.6.607.17218 - AVM Software Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.4 - Tweaking.com)
VisioForge Video Capture SDK Delphi Redist (x32 Version: 6.2.0.2 - VisioForge) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3504 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Restore Points =========================
29-04-2015 20:59:53 Windows Update
29-04-2015 21:16:43 Windows Update
30-04-2015 02:00:48 Windows Update
01-05-2015 00:26:36 Removed Java 8 Update 31
01-05-2015 01:43:48 Tweaking.com - Windows Repair
01-05-2015 16:38:17 Restore Operation
03-05-2015 11:57:59 Windows Update
03-05-2015 12:02:06 Device Driver Package Install: Microsoft Universal Serial Bus controllers
06-05-2015 09:58:04 Installed Samsung Kies3
07-05-2015 00:20:02 Windows Update
13-05-2015 10:33:44 Windows Update
14-05-2015 02:00:26 Windows Update
16-05-2015 02:00:44 Windows Update
16-05-2015 10:17:44 Windows Update
17-05-2015 23:01:52 Restore Operation
17-05-2015 23:42:09 Windows Update
18-05-2015 02:00:31 Windows Update
19-05-2015 02:00:10 Windows Update
20-05-2015 02:00:10 Windows Update
21-05-2015 23:42:49 Removed Google Talk Plugin
29-05-2015 11:00:18 Windows Update
01-06-2015 12:35:21 Windows Update
04-06-2015 01:59:45 Restore Operation
04-06-2015 02:16:10 Windows Update
10-06-2015 02:00:18 Windows Update
14-06-2015 14:49:22 Windows Update
14-06-2015 18:00:07 Windows Backup
21-06-2015 18:00:16 Windows Backup
28-06-2015 18:00:13 Windows Backup
02-07-2015 11:33:01 Windows Update
05-07-2015 18:00:22 Windows Backup
07-07-2015 07:37:05 Windows Update
14-07-2015 23:00:02 Scheduled Checkpoint
22-07-2015 23:00:01 Scheduled Checkpoint
02-08-2015 15:30:47 Windows Update
03-08-2015 02:00:15 Windows Update
03-08-2015 05:08:41 Removed Java 8 Update 51
06-08-2015 03:34:30 Windows Update
09-08-2015 06:45:09 Windows Update
12-08-2015 09:09:57 Windows Update
13-08-2015 02:00:22 Windows Update
17-08-2015 02:55:32 Windows Update
24-08-2015 23:00:01 Scheduled Checkpoint
31-08-2015 23:00:02 Scheduled Checkpoint
01-09-2015 11:43:32 Windows Update
02-09-2015 02:00:11 Windows Update
05-09-2015 05:15:36 Windows Update
12-09-2015 23:00:01 Scheduled Checkpoint
20-09-2015 23:00:03 Scheduled Checkpoint
28-09-2015 23:00:00 Scheduled Checkpoint
02-10-2015 02:00:27 Windows Update
20-10-2015 14:07:53 Windows Update
20-10-2015 19:36:32 Revo Uninstaller's restore point - Freemake Video Converter version 3.1.0
21-10-2015 02:00:28 Windows Update
28-10-2015 23:00:00 Scheduled Checkpoint
02-11-2015 14:12:21 Windows Update
05-11-2015 15:33:22 Windows Update
08-11-2015 23:08:31 Windows Update
01-12-2015 12:55:51 Windows Update
02-12-2015 03:00:13 Windows Update
04-12-2015 00:57:24 Windows Update
07-12-2015 00:01:43 Windows Update
07-12-2015 03:00:12 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2015-02-04 10:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {006FE9D1-DEC6-44C4-9076-5934D25FCD6C} - System32\Tasks\DataFront => c:\programdata\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).exe <==== ATTENTION
Task: {09EEC63B-21B8-4656-86A9-CCDD9C10A77F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {346B439C-CE11-4CE0-B14C-D2FD4E18F124} - System32\Tasks\{1DD8B5E2-C122-4D1F-9758-9B0F5D4479E4} => pcalua.exe -a "C:\Users\Dad\Desktop\My Documents\mp160win64111ea23.exe" -d "C:\Users\Dad\Desktop\My Documents"
Task: {35E50A07-EC32-4024-AA11-31B368248FEE} - System32\Tasks\{D6BB3A59-B46C-4DDF-85E3-A7CC61C4B4CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {3CD9F767-3594-4327-B21E-BE3E78C49122} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001Core => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10] (Dropbox, Inc.)
Task: {490D819C-47D5-456C-A5EB-EEFBD6B58C82} - System32\Tasks\{62ACF029-05DB-43E9-B5E0-E093E965ED01} => C:\Program Files (x86)\Paltalk Messenger\paltalk.exe [2015-04-21] (AVM Software Inc.)
Task: {57F10B8A-E6DC-41AF-836F-3D3323A974EC} - System32\Tasks\{8438242B-619B-42CD-9AD1-2D389FF75225} => C:\Program Files (x86)\Paltalk Messenger\paltalk.exe [2015-04-21] (AVM Software Inc.)
Task: {65FBC813-8ECD-4300-99D3-4822AFCDAFE9} - System32\Tasks\{F2D720B6-011A-46ED-9209-2320052E5916} => pcalua.exe -a C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE -c /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG
Task: {892BAF73-A76B-48C2-AFBA-602B7E41BF23} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001UA => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10] (Dropbox, Inc.)
Task: {8C25C726-0EDD-419C-ABAE-AB81DD4A8954} - System32\Tasks\{DF80F471-10C4-4247-BCB7-5B67BA005FD2} => pcalua.exe -a C:\Users\Dad\Desktop\ts_webcam.exe -d C:\Users\Dad\Desktop
Task: {8D943107-6A50-440B-8E05-7B77AD0A1BEB} - System32\Tasks\{D9E1C870-B7E8-4995-8A98-D579504F6B41} => C:\Program Files (x86)\Paltalk Messenger\paltalk.exe [2015-04-21] (AVM Software Inc.)
Task: {97E3E010-59DA-473B-B514-EE2C8559EF8B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AE3C4923-DF05-46BF-9F7D-71972FD7EF73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-07] (Adobe Systems Incorporated)
Task: {B0C3D0A2-E90E-41D9-A2AA-D31480DA3178} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {B8D04CC6-6343-45C9-B405-F55D65E7D99C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {CE4612D6-865E-46E6-A8C8-E78BF08ACC3D} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
Task: {E6392F7E-8094-4810-A3A2-612265F0F48F} - System32\Tasks\{F126331D-C6F2-47BE-94F5-C17820994183} => pcalua.exe -a "C:\Program Files (x86)\NCH Software\Recordpad\uninst.exe"
Task: {ED36A8FB-B1CF-421E-8C67-F352A7A69286} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {EFF37384-E9B7-4970-81C0-B4E865C7DE81} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {F4FE48D0-691E-474D-9BF8-E1EE2DC18853} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {FF5AE516-004E-406B-8236-DF11EE525F5D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DataFront.job => c:\programdata\{050f5308-75c9-2afc-050f-f530875c4c21}\karaoke collection vol 46 (cdg mp3 files).exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001Core.job => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001UA.job => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-03 05:12 - 2015-08-03 05:12 - 00019040 _____ () C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2native.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7865 more sites.
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123simsen.com -> www.123simsen.com
There are 7863 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Behringer UFX 1394 Control Panel.lnk => C:\Windows\pss\Behringer UFX 1394 Control Panel.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Google Update => "C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Dad\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstaLAN => "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: smoother => C:\Users\Dad\AppData\Roaming\Booster-Web\Booster-Web-Installer.exe
MSCONFIG\startupreg: SoftonicAssistant => "C:\Users\Dad\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{712D7705-28BD-444D-BB14-5C08AACD5F01}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{25510813-0968-4D57-BADB-1614F2A92B15}] => (Allow) LPort=2869
FirewallRules: [{5F1AFC8C-6B84-4793-86F5-52029CD4189E}] => (Allow) LPort=1900
FirewallRules: [{A687E5CE-0A6E-4268-AFA0-7509E2AB6F25}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3E6FC240-35CB-4367-971D-76F632AE4C1F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{458FF205-4A97-49FB-AB17-2C16B022C60D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [TCP Query User{B48A3653-063C-4BC6-9E97-F38F05A37958}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{29FD2029-71D3-48E8-9A43-DAB6570B0073}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{24B25CDC-08A1-4E14-B1DF-B7DC664138F1}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{CF2BC875-58A7-415E-A772-9CA44888D394}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{97F933F3-EC17-427B-8EBB-7F2D7A6D1CE1}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{E6E34D32-678E-4AE5-ACA1-6201219331F1}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{FE719458-9E14-4060-855E-9B16B652E79C}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{C729B18C-1248-4143-988D-C2F09B9245C3}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{7F3BAE04-783C-4EC4-A1D9-84B2328AD2F3}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{7D117006-121E-44D7-B8BD-0E9940813790}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2DE2F26-58C2-4E6F-B81E-A14D40EA6438}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4B19791-A9CE-47CD-B264-7747FE49518A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C403502F-E4EB-4619-9427-96A11B58CB6D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2C4C24F7-5407-4E4A-815A-FA6792CE86FF}] => (Allow) C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CC7FCCAA-A7D3-4B92-9FAA-0BF793787466}] => (Allow) C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{4E9D1ED0-3352-49AE-B03F-E0D61A926463}C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3799D7BD-ED7E-417E-AC3A-D58D4BCC5F9C}C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{00FA12F1-DAD8-4C07-9208-596945587D51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7CF7ECB-94EB-4CA3-9A5E-67955BF062B0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0FF1312A-2580-4B26-8D5A-DB0969DA2781}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{A2879CD7-982F-4A67-AF96-452BFA8A845E}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [UDP Query User{A233DB83-0FF4-43B0-A9C7-799A646CAD4D}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [{D8D967FB-F64F-4D82-B01A-FD01759A176F}] => (Block) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [{A647DBE1-C08B-4426-A9E9-E562C5D96E07}] => (Block) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [TCP Query User{41C5339A-045B-4AAB-A3CB-52289801E44E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C23B3115-C863-4912-A619-7C08AD1BB5A5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FB7D92CC-BEDF-4801-88DA-6B986D77E6BE}] => (Allow) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
FirewallRules: [{F2B8BC9E-6FA4-4DD6-BE83-717D0277DF27}] => (Allow) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
FirewallRules: [{C2A80661-C2A7-4F50-BFDA-F7A739C6F652}] => (Allow) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
FirewallRules: [{9739FFE8-0C3A-4D89-A88A-B5002121B3FB}] => (Allow) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
FirewallRules: [{B7262FA6-148B-4409-BC62-F7592EBE592B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CADE55D-9590-4686-ABAB-7FB7317CC262}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2372B3DA-DE89-4891-834E-880A59C6E54A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D05AA06-A396-4473-A973-14E77DA3C076}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{132F19EC-9F7C-4FAD-A8E6-62D8A8153D69}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Faulty Device Manager Devices =============
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft Teredo Tunneling Adapter #2
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/07/2015 12:01:17 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
Error: (12/06/2015 11:51:19 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=B7C}
The client was unable to connect to an Application Virtualization Server (rc 24600F0A-10000001)
Error: (12/06/2015 11:51:19 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=B7C}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7162.5003.sft' (rc 24600F0A-10000001, original rc 24600F0A-10000001).
Error: (12/06/2015 11:50:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2015 11:42:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2015 11:07:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/04/2015 03:22:28 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error: (12/04/2015 01:21:49 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe AIR -- Error 1606. Could not access network location (computed).
Error: (12/04/2015 01:21:49 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe AIR -- Error 1606. Could not access network location (computed).
Error: (12/04/2015 12:49:51 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe AIR -- Error 1606. Could not access network location (computed).
System errors:
=============
Error: (12/07/2015 12:04:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 115.26.0.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (12/07/2015 12:04:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.211.1747.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (12/07/2015 12:04:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.211.1747.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (12/07/2015 12:03:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.211.1747.0
Update Source: %NT AUTHORITY59
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (12/06/2015 11:51:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
Error: (12/06/2015 11:51:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
Error: (12/06/2015 11:51:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (12/06/2015 11:50:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053
Error: (12/06/2015 11:50:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
Error: (12/06/2015 11:50:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053
CodeIntegrity:
===================================
Date: 2015-02-04 10:01:31.601
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-02-04 10:01:31.585
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 72%
Total physical RAM: 6048.28 MB
Available physical RAM: 1651.18 MB
Total Virtual: 12094.76 MB
Available Virtual: 7826.21 MB
==================== Drives ================================
Drive b: (Gateway) (RAMDisk) (Total:918.41 GB) (Free:385.67 GB) NTFS
Drive c: (Gateway) (Fixed) (Total:918.41 GB) (Free:379.43 GB) NTFS
Drive d: (AppDrv1) (CDROM) (Total:2.6 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5D81C09C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-12-07 05:38:12
-----------------------------
05:38:12.407 OS Version: Windows x64 6.1.7601 Service Pack 1
05:38:12.407 Number of processors: 4 586 0x2A07
05:38:12.408 ComputerName: BRIDGES1 UserName: Dad
05:38:13.594 Initialize success
05:38:13.705 VM: initialized successfully
05:38:13.705 VM: Intel CPU supported
05:38:22.732 VM: supported disk I/O iaStor.sys
05:40:15.225 AVAST engine defs: 15120600
05:40:54.341 The log file has been saved successfully to "C:\Users\Dad\Desktop\aswMBR.txt"
when i try running spybot i am prompted to uninstall older which gives me an error message file "C:\ProgramFiles(x86)\Spybot - Search&Destroy 2\inins000.msg" is missing. correct or obtain a new copy of the program
AdwCleaner
Run as administrator to run the programme.
(insert smiley slapping smiley here) so...here is the Fixlogtxt., and the adware quarantine. 
ESET Online Scan
. If no threats were found, skip the next two bullet points.
and save the file to your Desktop, naming it something such as "MyEsetScan".
and click 
.