Have been attempting to get PC clean and Malwarebytes found lots of problems when first run but now shows no problems. Still getting popups and a file saying PC is infected and to call a number 1-844-674-2311. This is a scam I am sure.

Hope someone can help.

Posted the txt files created by Farbar


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Dave (administrator) on DAVE-PC on 28-01-2015 16:48:10
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available profiles: Dave)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Akamai Technologies, Inc.) C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Akamai Technologies, Inc.) C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1316876723\ee\aolsoftware.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2009-09-21] (Intel® Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1316876723\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [bingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [771240 2015-01-09] (Webroot)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-12-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [42320 2011-12-14] (AOL Inc.)
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: E - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: F - F:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {08fa18f5-9cc6-11e0-8096-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {0d17c687-0892-11e0-9778-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {10d55bd7-f964-11df-83a7-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {11a3ba51-f89e-11df-8567-00038a000015} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {14c8a412-f98b-11df-8596-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {14c8a4c8-f98b-11df-8596-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {20aa011d-01b4-11e3-bfea-00038a000015} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {2dbeab26-fea7-11e2-bfb1-00038a000015} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {33b53f64-f967-11df-b98b-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {38024436-0176-11e0-a509-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {385afdb0-09dd-11e0-a074-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {3a4c1e0b-50bf-11e4-b155-00038a000015} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {4b188a3c-15b8-11e0-bc0b-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {623eacf1-07dd-11e0-a389-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {69c539b8-f4bf-11e2-9602-00038a000015} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {6efe2269-20dc-11e4-9213-00038a000015} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {6f62f207-f69a-11df-a283-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {7083b355-160d-11e0-bdbe-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {731a4278-08be-11e0-9392-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {7514b13c-91f9-11e1-b6e3-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {769d2ad3-f0be-11df-bd59-00038a000015} - E:\setup.exe -a
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {7e42a538-f72d-11e0-b40d-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {7e42a565-f72d-11e0-b40d-00038a000015} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {7e4c61f1-173f-11e0-abdb-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {813c761d-0866-11e0-9541-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {824713c6-f8a0-11df-a3e4-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {835993ad-5035-11e1-8cda-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {97a30a4d-f6ab-11e0-947a-806e6f6e6963} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {9d25bac2-9d65-11e3-8b3f-00038a000015} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {a679b07d-f957-11e2-b2cf-00038a000015} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {b0d342d9-00f1-11e3-b9f4-00038a000015} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {b2480ab7-fb17-11e0-b24c-00038a000015} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {b4c19798-912c-11e1-a2a2-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {c1891958-0972-11e0-958e-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {c1891992-0972-11e0-958e-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {d8aa89b7-0dfe-11e0-a042-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {e29498bc-1128-11e0-883c-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {e447a0e1-15b8-11e0-bd70-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {ec444618-f996-11df-ae05-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {f2d38101-503d-11e1-ad45-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\MountPoints2: {f49e1d85-f99e-11df-b478-00038a000015} - E:\TL-Bootstrap.exe
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [s-1-5-21-701031341-2016158309-2654834284-1000] => http=127.0.0.1:49191;https=127.0.0.1:49191
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=hyplogusaolp00000092
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?pc=BDT3&ocid=BDT3DHP
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.tb.ask.com/index.jhtml?n=77FD7B63&p2=^HJ^xdm003^S08336^us&ptb=EC70E1D1-B345-48E3-B21D-892A2F53EBF8&si=CNGf87rJxrsCFc07Ogod43MASw
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL =
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM -> {B57C0924-A5D7-4A0B-BEB5-E5C5702DFD41} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {92382979-CF3A-4856-BF4A-84242B68055B} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {147C3694-4F08-4C33-9A09-0B4720A2EB44} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aol.rTB50CL-chromesbox-en-us&tb_uuid=20100823211901223&tb_oid=23-08-2010&tb_mrud=20-09-2012
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-701031341-2016158309-2654834284-1000 -> {622C7D37-7802-46F9-9173-2A17CFB645A1} URL = http://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Toolbar: HKU\S-1-5-21-701031341-2016158309-2654834284-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-701031341-2016158309-2654834284-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{258E8A67-A0F5-4DC8-9B64-1155E5A0D6C5}: [NameServer] 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default
FF Homepage: hxxp://finance.yahoo.com/|https://my.screenname.aol.com/_cqr/login/login.psp?seamless=novl&locale=us&offerId=newmail-en-us-v2&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A7a84134f-57b4-434b-a236-40bdece7b51b&authLev=0&sitedomain=sns.webmail.aol.com&lang=en|https://www.google.com/calendar/render#g
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @funwebproducts.com/Plugin -> C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll No File
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF SearchPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\searchplugins\aolsearch.xml
FF SearchPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\searchplugins\bingp.xml
FF Extension: Webroot Password Manager - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2014-09-14]
FF Extension: Flash Player - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\Extensions\M1uwW0@47z8gRpK8sULXXLivB.com.xpi [2014-12-28]
FF Extension: Shopping App by Ask - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\Extensions\toolbar_REL3SP-SAT@apn.ask.com.xpi [2014-12-01]
FF Extension: Adblock Plus - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-14]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-11-18]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-09-14]
FF HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Firefox\Extensions: [{ED76C299-85BC-4891-9237-74A140C28832}] - C:\Program Files (x86)\RebateInformer\Firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP", "hxxp://search.conduit.com/?ctid=CT3279411&SearchSource=48&CUI=UN30045654633006477&UM=4"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=BDT3DF&PC=BDT3
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala\10.13.20.29_0\plugins/np-cwmp.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Webroot Password Manager) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-12-01]
CHR HKLM\...\Chrome\Extension: [aaaaadgepjkdffhjbkfjgnnffnfcffbg] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx [2014-11-24]
CHR HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Dave\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [Not Found]
CHR HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Chrome\Extension: [ebfmlbdgbekinmmpfmpjjkfclcgedhgj] - C:\Users\Dave\AppData\Local\CRE\ebfmlbdgbekinmmpfmpjjkfclcgedhgj.crx [Not Found]
CHR HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Chrome\Extension: [lbgldkjohmeimlapiahkhkbeoohlflnk] - C:\Users\Dave\AppData\Local\CRE\lbgldkjohmeimlapiahkhkbeoohlflnk.crx [Not Found]
CHR HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\Dave\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [Not Found]
CHR HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx [2012-02-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaadgepjkdffhjbkfjgnnffnfcffbg] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Dave\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ebfmlbdgbekinmmpfmpjjkfclcgedhgj] - C:\Users\Dave\AppData\Local\CRE\ebfmlbdgbekinmmpfmpjjkfclcgedhgj.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.40.crx [2014-09-14]
CHR HKLM-x32\...\Chrome\Extension: [lbgldkjohmeimlapiahkhkbeoohlflnk] - C:\Users\Dave\AppData\Local\CRE\lbgldkjohmeimlapiahkhkbeoohlflnk.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\Dave\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files (x86)\RebateInformer\Chrome\rebateinformer_c.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-09-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( ) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-12-14] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [771240 2015-01-09] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [36256 2009-11-13] (Google Inc)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated) [File not signed]
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated) [File not signed]
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2015-01-09] (Webroot)
S3 cpuz132; \??\C:\Users\Dave\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 16:48 - 2015-01-28 16:48 - 00051031 _____ () C:\Users\Dave\Desktop\FRST.txt
2015-01-28 16:45 - 2015-01-28 16:48 - 00000000 ____D () C:\FRST
2015-01-28 16:32 - 2015-01-28 16:32 - 02130432 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2015-01-27 09:13 - 2015-01-27 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 13:43 - 2015-01-24 13:43 - 00019868 _____ () C:\Users\Dave\Documents\80thBirthday.xlsx
2015-01-24 13:33 - 2015-01-24 13:33 - 00019883 _____ () C:\Users\Dave\Documents\Copy of 80th Birthday.xlsx
2015-01-24 11:14 - 2015-01-24 11:14 - 00000000 _____ () C:\Windows\system32\REN7459.tmp
2015-01-24 11:14 - 2015-01-24 11:14 - 00000000 _____ () C:\Windows\system32\REN7458.tmp
2015-01-24 11:14 - 2015-01-24 11:14 - 00000000 _____ () C:\Windows\system32\REN7457.tmp
2015-01-24 11:14 - 2015-01-24 11:14 - 00000000 _____ () C:\Windows\system32\REN7456.tmp
2015-01-24 11:14 - 2015-01-24 11:14 - 00000000 _____ () C:\Windows\system32\REN7446.tmp
2015-01-24 11:14 - 2015-01-24 11:14 - 00000000 _____ () C:\Windows\system32\REN7445.tmp
2015-01-24 11:13 - 2015-01-24 11:16 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 11:13 - 2015-01-24 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-24 11:11 - 2015-01-24 11:11 - 00639912 _____ (Oracle Corporation) C:\Users\Dave\Downloads\jxpiinstall.exe
2015-01-24 11:06 - 2015-01-28 09:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 11:06 - 2015-01-24 11:06 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-24 11:06 - 2015-01-24 11:06 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-24 11:00 - 2015-01-24 11:00 - 00243416 _____ () C:\Users\Dave\Downloads\Firefox Setup Stub 35.0.exe
2015-01-24 10:57 - 2015-01-27 17:03 - 00000000 ____D () C:\Users\Dave\Documents\firefox backups
2015-01-24 10:56 - 2015-01-24 10:56 - 01035926 _____ () C:\Users\Dave\Downloads\MozBackup-1.5.1-EN.exe
2015-01-24 10:56 - 2015-01-24 10:56 - 01035926 _____ () C:\Users\Dave\Downloads\MozBackup-1.5.1-EN (1).exe
2015-01-24 10:56 - 2015-01-24 10:56 - 00001029 _____ () C:\Users\Public\Desktop\MozBackup.lnk
2015-01-24 10:56 - 2015-01-24 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2015-01-24 10:56 - 2015-01-24 10:56 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2015-01-24 08:45 - 2015-01-24 08:45 - 00000000 ____D () C:\Users\Dave\AppData\Local\{DE04184E-8E96-4D7E-B8F3-55C6CE236C7C}
2015-01-23 08:44 - 2015-01-23 20:45 - 00000000 ____D () C:\Users\Dave\AppData\Local\{CF761BAD-91C6-4971-BEED-0412B0495254}
2015-01-22 17:46 - 2015-01-22 17:46 - 00243710 _____ () C:\Users\Dave\Downloads\photo.php
2015-01-22 15:26 - 2015-01-28 16:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 15:26 - 2015-01-22 15:26 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-22 15:26 - 2015-01-22 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-22 15:26 - 2015-01-22 15:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-22 15:26 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-22 15:26 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-22 15:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-22 15:24 - 2015-01-22 15:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dave\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-22 09:55 - 2015-01-22 09:56 - 00000000 ____D () C:\Users\Dave\AppData\Local\{122B3906-982E-408D-829C-FC95084F5F6E}
2015-01-21 09:08 - 2015-01-21 09:08 - 00000000 ____D () C:\Users\Dave\AppData\Local\{38B5599F-A8B3-4E71-A8A8-012374B0B94B}
2015-01-20 08:54 - 2015-01-20 08:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\{DF72C774-4178-4271-AC9E-1455832A86AA}
2015-01-20 08:52 - 2015-01-28 16:39 - 00000840 _____ () C:\Windows\setupact.log
2015-01-20 08:52 - 2015-01-25 09:41 - 00120674 _____ () C:\Windows\PFRO.log
2015-01-20 08:52 - 2015-01-20 08:52 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-19 09:35 - 2015-01-19 09:35 - 00000000 ____D () C:\Users\Dave\AppData\Local\{946FF8AA-8290-482C-B9C6-D2CC0DEEF1A5}
2015-01-18 15:20 - 2015-01-18 15:20 - 00000000 ____D () C:\Users\Dave\AppData\Local\{66DEED56-31FE-4E05-876B-2A6617FBEBD1}
2015-01-17 08:29 - 2015-01-17 22:06 - 00000000 ____D () C:\Users\Dave\AppData\Local\{00278C21-EDC2-4306-BC32-6BD8AA50D611}
2015-01-16 09:17 - 2015-01-16 09:17 - 00000000 ____D () C:\Users\Dave\AppData\Local\{B82272D0-64A2-4D5A-8181-1BFAD9790D73}
2015-01-15 20:55 - 2015-01-15 20:55 - 00000000 ____D () C:\Users\Dave\AppData\Local\{6CE64BA7-B84E-483D-ADEB-AC790E446A7C}
2015-01-15 08:54 - 2015-01-15 08:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\{D9D1ADED-6155-4EE3-866A-AE00C561545C}
2015-01-14 12:13 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:13 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:13 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:13 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:13 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:13 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:13 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:13 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:13 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:13 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:13 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:13 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:13 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:05 - 2015-01-14 12:06 - 00000000 ____D () C:\Users\Dave\AppData\Local\{E52A4DCC-349A-46C9-BCF3-1E025B1F95AD}
2015-01-13 22:53 - 2015-01-13 22:53 - 00000000 ____D () C:\Users\Dave\AppData\Local\{98E0C183-7666-49A0-8D59-13CA7637DA3D}
2015-01-13 08:37 - 2015-01-13 08:37 - 00000000 ____D () C:\Users\Dave\AppData\Local\{A2EBE523-CC38-4498-9FF0-E2DDEC7AFD47}
2015-01-12 08:25 - 2015-01-12 20:36 - 00000000 ____D () C:\Users\Dave\AppData\Local\{F0F9B023-9CCC-4241-9FAC-B91541AB0E85}
2015-01-11 19:02 - 2015-01-11 19:03 - 00000000 ____D () C:\Users\Dave\Documents\ATT00039
2015-01-11 18:58 - 2015-01-11 19:05 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-11 06:57 - 2015-01-11 18:58 - 00000000 ____D () C:\Users\Dave\AppData\Local\{403B5416-94F3-48E1-AF96-3A4B0F2AC605}
2015-01-10 09:11 - 2015-01-10 09:12 - 00000000 ____D () C:\Users\Dave\AppData\Local\{CC39E216-A848-4742-938E-1F1EAC260C08}
2015-01-09 10:02 - 2015-01-09 10:03 - 00000000 ____D () C:\Users\Dave\AppData\Local\{31081A3D-2CC3-4BAB-8C36-E05352A94C0D}
2015-01-08 08:23 - 2015-01-08 20:23 - 00000000 ____D () C:\Users\Dave\AppData\Local\{6963CBA5-3EB4-42AB-9284-F219C0685D4F}
2015-01-07 10:40 - 2015-01-07 10:42 - 00000000 ____D () C:\Users\Dave\AppData\Local\{EFAE7B38-8C53-4D2A-9A9E-3D559C9A7981}
2015-01-06 09:32 - 2015-01-06 09:33 - 00000000 ____D () C:\Users\Dave\AppData\Local\{5A011B73-8D23-4524-883C-86EDEA7E73D7}
2015-01-05 09:30 - 2015-01-05 21:32 - 00000000 ____D () C:\Users\Dave\AppData\Local\{38031B8B-1998-4854-94E7-B99D4A101204}
2015-01-04 09:13 - 2015-01-04 09:15 - 00000000 ____D () C:\Users\Dave\AppData\Local\{6D593451-00FF-47B6-9AA8-3B972485CDC7}
2015-01-03 09:12 - 2015-01-03 09:12 - 00000000 ____D () C:\Users\Dave\AppData\Local\{46D78E6A-47F6-4FB1-8221-8106807529DE}
2015-01-02 08:19 - 2015-01-02 08:19 - 00000000 ____D () C:\Users\Dave\AppData\Local\{7C695EC4-747D-45CA-8AEB-0380296511B8}
2015-01-01 09:19 - 2015-01-01 09:19 - 00000000 ____D () C:\Users\Dave\AppData\Local\{DCE3AF7B-FBF0-4CCD-86EB-70B2EC8D19A1}
2014-12-31 21:45 - 2015-01-09 16:54 - 00014036 _____ () C:\Users\Dave\Documents\2015 MRD Withdrawal.xlsx
2014-12-31 21:18 - 2014-12-31 21:18 - 00000000 ____D () C:\Users\Dave\AppData\Local\{36D80810-0549-449D-9889-0C066CD840F3}
2014-12-31 20:43 - 2014-12-31 20:46 - 00000000 ____D () C:\Users\Dave\AppData\Local\Microsoft Help
2014-12-31 09:17 - 2014-12-31 09:17 - 00000000 ____D () C:\Users\Dave\AppData\Local\{5B0DA3FE-5DE0-4F05-B110-11B0B4710246}
2014-12-30 09:24 - 2014-12-30 09:24 - 00000000 ____D () C:\Users\Dave\AppData\Local\{2698267C-6BF4-49C6-9B72-D4BCB478B7D4}
2014-12-29 18:37 - 2015-01-28 14:23 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-701031341-2016158309-2654834284-1000
2014-12-29 18:37 - 2014-12-29 18:37 - 00000000 ____D () C:\Users\Dave\AppData\Local\{701C5995-E11A-40BA-840A-F02940B245AD}
2014-12-29 18:36 - 2015-01-28 14:23 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-701031341-2016158309-2654834284-1000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 16:47 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 16:47 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 16:45 - 2013-11-07 09:23 - 00000000 ____D () C:\ProgramData\WRData
2015-01-28 16:43 - 2009-07-14 00:10 - 01184193 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 16:40 - 2013-11-01 02:04 - 00000000 ____D () C:\Users\Dave\AppData\Local\SoftThinks
2015-01-28 16:40 - 2013-08-13 12:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 16:39 - 2014-09-14 10:59 - 00000749 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-01-28 16:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 16:15 - 2013-07-15 13:44 - 00000000 ____D () C:\Quicken 2013
2015-01-28 16:00 - 2012-08-26 10:56 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A91A69F0-AEFC-4023-BC76-BDB38F2EB09E}
2015-01-28 15:51 - 2013-08-13 12:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 15:33 - 2014-06-05 19:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 15:08 - 2010-08-24 07:59 - 00049664 _____ () C:\Users\Dave\Documents\BUDGET.xls
2015-01-27 20:42 - 2014-12-09 15:55 - 00023147 _____ () C:\Users\Dave\Documents\401k 2015.xlsx
2015-01-27 11:03 - 2014-06-12 14:44 - 00019861 _____ () C:\Users\Dave\Documents\80th Birthday.xlsx
2015-01-26 21:54 - 2013-10-21 21:11 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 20:51 - 2013-09-14 16:38 - 00000000 ____D () C:\Users\Dave\AppData\Local\CrashDumps
2015-01-25 19:46 - 2011-01-06 21:55 - 02089472 ___SH () C:\Users\Dave\Documents\Thumbs.db
2015-01-25 10:33 - 2014-06-05 19:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 10:33 - 2014-06-05 19:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 10:33 - 2014-06-05 19:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 11:37 - 2010-05-20 23:55 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-24 11:14 - 2010-05-20 23:36 - 00000000 ____D () C:\Program Files\Java
2015-01-24 11:13 - 2013-09-14 14:12 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-24 11:13 - 2013-09-14 14:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-24 11:13 - 2013-09-14 14:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-24 11:13 - 2013-09-14 14:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-24 11:13 - 2013-09-14 14:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-24 11:03 - 2010-08-23 17:45 - 00000000 ____D () C:\Users\Dave\Tracing
2015-01-23 21:05 - 2009-07-14 00:13 - 00811718 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 08:41 - 2009-07-14 00:08 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-22 17:50 - 2010-12-15 14:49 - 00000000 ____D () C:\Users\Dave\Desktop\mypics
2015-01-22 17:49 - 2012-12-06 22:47 - 00244301 _____ () C:\Users\Dave\Downloads\Danielle,Tyler Marissa Dec 2012.php
2015-01-22 17:44 - 2011-07-17 17:52 - 00900096 ___SH () C:\Users\Dave\Downloads\Thumbs.db
2015-01-22 15:58 - 2013-11-17 16:28 - 00000000 ____D () C:\Windows\system32\ljkb
2015-01-22 15:54 - 2011-02-24 09:39 - 00384000 ___SH () C:\Users\Dave\Desktop\Thumbs.db
2015-01-22 15:47 - 2013-11-17 16:28 - 00000000 ____D () C:\Windows\SysWOW64\jmdp
2015-01-22 15:47 - 2010-05-20 23:55 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-22 15:45 - 2014-03-29 09:12 - 00000000 ____D () C:\Users\Dave\AppData\Local\CRE
2015-01-22 15:45 - 2014-03-29 09:11 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\PerformerSoft
2015-01-22 15:45 - 2013-11-17 16:27 - 00000000 ____D () C:\Windows\SysWOW64\WNLT
2015-01-22 15:42 - 2013-11-17 16:28 - 00000000 ____D () C:\Windows\SysWOW64\ARFC
2015-01-22 15:26 - 2013-02-04 09:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 21:04 - 2010-08-23 17:49 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Skype
2015-01-14 20:56 - 2013-07-17 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 20:56 - 2010-08-27 07:45 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 23:07 - 2010-05-20 23:50 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-12 09:10 - 2014-10-03 20:09 - 00013084 _____ () C:\Users\Dave\Documents\Danielle Best Buy Payment.xlsx
2015-01-09 10:06 - 2014-09-14 10:59 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-01-09 10:06 - 2014-09-14 10:59 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-01-09 10:06 - 2014-09-14 10:59 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-01-08 20:21 - 2010-08-24 07:59 - 00040960 _____ () C:\Users\Dave\Documents\401k Withdrawal.XLS
2015-01-02 13:43 - 2010-10-23 08:48 - 00000000 ____D () C:\Users\Dave\Documents\My Scans
2015-01-01 10:00 - 2013-12-20 16:51 - 00014177 _____ () C:\Users\Dave\Documents\2014 MRD Withdrawal.xlsx
2014-12-31 20:46 - 2013-11-14 22:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-31 20:37 - 2013-12-20 16:47 - 00061991 _____ () C:\Users\Dave\Documents\401k 2014.xlsx
2014-12-31 15:34 - 2010-08-23 14:32 - 00000000 ____D () C:\Users\Dave\AppData\Local\VirtualStore
2014-12-29 18:35 - 2010-08-23 14:28 - 00000000 ____D () C:\Users\Dave
2014-12-29 18:33 - 2014-09-14 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2014-12-29 18:33 - 2014-09-14 10:59 - 00000000 ____D () C:\Program Files\Webroot
2014-12-29 18:33 - 2011-11-02 20:10 - 00000000 ____D () C:\Users\Dave\AppData\Local\Akamai
2014-12-29 18:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-29 18:31 - 2010-08-24 09:46 - 00000000 ____D () C:\ProgramData\Real
2014-12-29 15:43 - 2014-08-12 08:06 - 00000000 ____D () C:\Users\Dave\AppData\Local\Deployment

==================== Files in the root of some directories =======

2014-09-14 11:00 - 2014-09-14 11:01 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-12-20 08:28 - 2014-02-13 16:29 - 0000136 _____ () C:\Users\Dave\AppData\Roaming\WB.CFG
2013-08-12 08:57 - 2013-08-12 08:57 - 0000005 _____ () C:\Users\Dave\AppData\Roaming\WBPU-TTL.DAT
2010-08-24 18:34 - 2014-09-13 09:48 - 0025600 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-26 15:55 - 2013-11-07 10:45 - 0000036 _____ () C:\Users\Dave\AppData\Local\housecall.guid.cache
2010-08-24 16:33 - 2010-08-24 16:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-08-23 19:26 - 2014-05-09 20:49 - 0025939 _____ () C:\ProgramData\hpzinstall.log
2010-10-07 11:40 - 2010-10-22 12:39 - 0010869 _____ () C:\ProgramData\lxdu.log

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.6540.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 12:58

==================== End Of Log ============================

 

 

 

Addition.txt


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.

Thanks for helping. Here are the files; FRST.txt and Addition.txt are attachments.

 

"mbar-log-2015-01-29 (18-26-57).txt"

 

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.01.29.10
  rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Dave :: DAVE-PC [administrator]

1/29/2015 6:26:57 PM
mbar-log-2015-01-29 (18-26-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 370860
Time elapsed: 17 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

"system-log.txt"

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4081606656, free: 2013376512

Downloaded database version: v2015.01.29.10
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
------------ Kernel report ------------
     01/29/2015 18:26:43
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.01.29.10
  rootkit: v2015.01.14.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004bc5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004bc5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004bc5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800490b550, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E64000E2

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 80325  Numsec = 30720000
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 30800325  Numsec = 945970795

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80050f6060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006268b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80050f6060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006261b60, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-80325-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

Addition.txt

FRST.txt


Uninstall some programs

We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time.

The list of programs to uninstall:

  • Download Updater
  • SaveSense
  • Search App by Ask
  • Strongvault Online Backup

After completing uninstalls, please manually reboot your machine!
 
Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.
 
 
 
 

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please upload report in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

fixlist.txt


Okay have done above. The file Strongvault Online Backup I did not find when deleting programs.

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Dave at 2015-01-30 12:38:21 Run:1
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available profiles: Dave)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
CustomCLSID: HKU\S-1-5-21-701031341-2016158309-2654834284-1000_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}\InprocServer32 -> C:\Program Files (x86)\Zoner\Photo Studio 12\Program\SHELLEXT64.DLL No File
CustomCLSID: HKU\S-1-5-21-701031341-2016158309-2654834284-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\msvcp60.dll No File
Task: {08D342AE-7255-42AD-9119-D63E9DCDF696} - \EPUpdater No Task File <==== ATTENTION
Task: {AF7B6BC1-7BE7-44B0-8A54-570D89F89C47} - System32\Tasks\Test TimeTrigger => C:\Users\Dave\AppData\Local\Temp\Runner.exe <==== ATTENTION
C:\Users\Dave\AppData\Local\Temp\Runner.exe
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
C:\Program Files (x86)\AskPartnerNetwork
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-701031341-2016158309-2654834284-1000] => http=127.0.0.1:49191;https=127.0.0.1:49191
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=hyplogusaolp00000092
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?pc=BDT3&ocid=BDT3DHP
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.tb.ask.com/index.jhtml?n=77FD7B63&p2=^HJ^xdm003^S08336^us&ptb=EC70E1D1-B345-48E3-B21D-892A2F53EBF8&si=CNGf87rJxrsCFc07Ogod43MASw
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL =
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM -> {B57C0924-A5D7-4A0B-BEB5-E5C5702DFD41} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {92382979-CF3A-4856-BF4A-84242B68055B} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {147C3694-4F08-4C33-9A09-0B4720A2EB44} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aol.rTB50CL-chromesbox-en-us&tb_uuid=20100823211901223&tb_oid=23-08-2010&tb_mrud=20-09-2012
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-701031341-2016158309-2654834284-1000 -> {622C7D37-7802-46F9-9173-2A17CFB645A1} URL = http://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
Toolbar: HKU\S-1-5-21-701031341-2016158309-2654834284-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-701031341-2016158309-2654834284-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{258E8A67-A0F5-4DC8-9B64-1155E5A0D6C5}: [NameServer] 0.0.0.0
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
FF SearchPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\searchplugins\aolsearch.xml
FF SearchPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\searchplugins\bingp.xml
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP", "hxxp://search.conduit.com/?ctid=CT3279411&SearchSource=48&CUI=UN30045654633006477&UM=4"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=BDT3DF&PC=BDT3
CHR HKLM\...\Chrome\Extension: [aaaaadgepjkdffhjbkfjgnnffnfcffbg] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx [2014-11-24]
CHR HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Dave\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [Not Found]
CHR HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Chrome\Extension: [ebfmlbdgbekinmmpfmpjjkfclcgedhgj] - C:\Users\Dave\AppData\Local\CRE\ebfmlbdgbekinmmpfmpjjkfclcgedhgj.crx [Not Found]
CHR HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Chrome\Extension: [lbgldkjohmeimlapiahkhkbeoohlflnk] - C:\Users\Dave\AppData\Local\CRE\lbgldkjohmeimlapiahkhkbeoohlflnk.crx [Not Found]
CHR HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\Dave\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [Not Found]
CHR HKU\S-1-5-21-701031341-2016158309-2654834284-1000\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx [2012-02-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaadgepjkdffhjbkfjgnnffnfcffbg] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Dave\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ebfmlbdgbekinmmpfmpjjkfclcgedhgj] - C:\Users\Dave\AppData\Local\CRE\ebfmlbdgbekinmmpfmpjjkfclcgedhgj.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lbgldkjohmeimlapiahkhkbeoohlflnk] - C:\Users\Dave\AppData\Local\CRE\lbgldkjohmeimlapiahkhkbeoohlflnk.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\Dave\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files (x86)\RebateInformer\Chrome\rebateinformer_c.crx [Not Found]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
S3 cpuz132; \??\C:\Users\Dave\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
U2 TMAgent; No ImagePath

*****************

Processes closed successfully.
"HKU\S-1-5-21-701031341-2016158309-2654834284-1000_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}" => Key deleted successfully.
"HKU\S-1-5-21-701031341-2016158309-2654834284-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08D342AE-7255-42AD-9119-D63E9DCDF696}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D342AE-7255-42AD-9119-D63E9DCDF696}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF7B6BC1-7BE7-44B0-8A54-570D89F89C47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF7B6BC1-7BE7-44B0-8A54-570D89F89C47}" => Key deleted successfully.
C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key deleted successfully.
"C:\Users\Dave\AppData\Local\Temp\Runner.exe" => File/Directory not found.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
HKU\.DEFAULT\Software\Classes\exefile => Key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\exefile => Key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-20\Software\Classes\exefile => Key not found.
"HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Classes\exefile => Key not found.
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key deleted successfully.
HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B57C0924-A5D7-4A0B-BEB5-E5C5702DFD41}" => Key deleted successfully.
HKCR\CLSID\{B57C0924-A5D7-4A0B-BEB5-E5C5702DFD41} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{147C3694-4F08-4C33-9A09-0B4720A2EB44}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{147C3694-4F08-4C33-9A09-0B4720A2EB44} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
"HKU\S-1-5-21-701031341-2016158309-2654834284-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{622C7D37-7802-46F9-9173-2A17CFB645A1}" => Key deleted successfully.
HKCR\CLSID\{622C7D37-7802-46F9-9173-2A17CFB645A1} => Key not found.
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKU\S-1-5-21-701031341-2016158309-2654834284-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => value deleted successfully.
HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{258E8A67-A0F5-4DC8-9B64-1155E5A0D6C5}\\NameServer => value deleted successfully.
"HKCR\PROTOCOLS\Handler\rebinfo" => Key deleted successfully.
HKCR\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6} => Key not found.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\searchplugins\aolsearch.xml => Moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\searchplugins\ask-search.xml => Moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\searchplugins\bingp.xml => Moved successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaadgepjkdffhjbkfjgnnffnfcffbg => Key not found.
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx" => File/Directory not found.
"HKU\S-1-5-21-701031341-2016158309-2654834284-1000\SOFTWARE\Google\Chrome\Extensions\dlaidocmldibgopdbjiopphnjhaehnbn" => Key deleted successfully.
"HKU\S-1-5-21-701031341-2016158309-2654834284-1000\SOFTWARE\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj" => Key deleted successfully.
"HKU\S-1-5-21-701031341-2016158309-2654834284-1000\SOFTWARE\Google\Chrome\Extensions\lbgldkjohmeimlapiahkhkbeoohlflnk" => Key deleted successfully.
"HKU\S-1-5-21-701031341-2016158309-2654834284-1000\SOFTWARE\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh" => Key deleted successfully.
"HKU\S-1-5-21-701031341-2016158309-2654834284-1000\SOFTWARE\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam" => Key deleted successfully.
C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaadgepjkdffhjbkfjgnnffnfcffbg => Key not found.
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dflinnddekagfkncpgojoppgnppfkbkj" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlaidocmldibgopdbjiopphnjhaehnbn" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lbgldkjohmeimlapiahkhkbeoohlflnk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal" => Key deleted successfully.
APNMCP => Service not found.
cpuz132 => Service deleted successfully.
SR => Service deleted successfully.
srservice => Service deleted successfully.
TMAgent => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog 12:38:30 ====

 

AdwCleaner[s0].txt

# AdwCleaner v4.109 - Report created 30/01/2015 at 12:55:58
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dave - DAVE-PC
# Running from : C:\Users\Dave\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Skype C2C Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\Amazon\ABB
Folder Deleted : C:\Program Files (x86)\AOL Toolbar
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\VideoDownloadConverter
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Users\Dave\AppData\Local\Temp\apn
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\Dave\AppData\Local\Conduit
Folder Deleted : C:\Users\Dave\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Dave\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dave\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Dave\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Performer
File Deleted : C:\END
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Dave\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ozbqmcad.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{ED76C299-85BC-4891-9237-74A140C28832}]
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Client
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Script
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server2
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\RebateInf.RebateInfObj
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\CToolbar
Key Deleted : HKLM\SOFTWARE\firstsearch
Key Deleted : HKLM\SOFTWARE\ImInstaller
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\SearchquSRTB
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\VideoDownloadConverter
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : [x64] HKLM\SOFTWARE\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;<local>

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.SearchEngine", "Searchhxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2117678&octid=EB_ORIGINAL_CTID&SearchSource=1");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2117678");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2117678.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2724386.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"66?F\",\"temperatureClear\":\"66?F\",\"highTemperature\":\"66?F\",\"lowTemperature\":\"60?F\",\"feelsLike\":\"66?F\",[...]
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2724386.installId", "ConduitNSISIntegration");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2724386.installType", "ConduitNSISIntegration");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2724386.isPerformedSmartBarTransition", "true");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2724386.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268934&SearchSource=2&CUI=UN15316547701189944&UM=2&q=");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2724386.smartbar.CTID", "CT2724386");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2724386.smartbar.Uninstall", "0");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2724386.smartbar.isHidden", true);
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT2724386.smartbar.toolbarName", "IncrediMail MediaBar 2 ");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT3158970..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[ozbqmcad.default\prefs.js] - Line Deleted : user_pref("CT3158970..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

-\\ Google Chrome v40.0.2214.93

[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN30045654633006477&ctid=CT3279411&UM=4

*************************

AdwCleaner[R0].txt - [19448 octets] - [30/01/2015 12:52:31]
AdwCleaner[s0].txt - [19472 octets] - [30/01/2015 12:55:58]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [19533 octets] ##########
 


I believe the problem was somewhere within Firefox as when a new tab was opened it would then redirect to a spam page.

 

Have gone into Help>Troubleshooting information and then done a refresh to set up a new profile, used mozbackup to bring over his bookmarks and the redirects seem to be solved for now and hopefully forever until my friend clicks on another problem.

 

Thanks for your help as besides this he had a lot of malware.


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent the installation of additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
