Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winerror.info [Solved]


  • This topic is locked This topic is locked

#1
BIGROD

BIGROD

    Member

  • Member
  • PipPip
  • 87 posts
Occasionally when surfing the web, I'm getting redirected to a "winerror.info" popup that consists of a blue screen saying that my system has been compromised and I need to call the provided number to speak to a Microsoft rep immediately. This is obviously malware. Any assistance in removal is greatly appreciated.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Roberts Family (administrator) on IONGRAPHX (15-09-2015 20:47:20)
Running from C:\Users\Roberts Family\Desktop
Loaded Profiles: Roberts Family (Available Profiles: Roberts Family)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Octoshape ApS) C:\Users\Roberts Family\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Spotify Ltd) C:\Users\Roberts Family\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Nike) C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(David Ayton) C:\Program Files (x86)\CDisplay\CDisplay.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avrestart.exe
(RockMelt Inc.) C:\Users\Roberts Family\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648048 2013-12-23] (Ask)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-07] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Nike+ Connect] => C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe [71680 2015-02-01] (Nike)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [Google Update] => C:\Users\Roberts Family\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Roberts Family\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [RockMelt Update] => C:\Users\Roberts Family\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [136336 2011-08-19] (RockMelt Inc.)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [Spotify Web Helper] => C:\Users\Roberts Family\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-05] (Spotify Ltd)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-25] ()
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6983768 2013-03-22] (SlySoft, Inc.)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [uTorrent] => C:\Users\Roberts Family\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-09-09] (BitTorrent Inc.)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [Spotify] => C:\Users\Roberts Family\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-06-05] (Spotify Ltd)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [GoogleChromeAutoLaunch_404CB0ED4D5342B49CBD6BAE6FC58785] => C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe [815944 2015-08-27] (Google Inc.)
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Run: [Dropbox Update] => C:\Users\Roberts Family\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-26] (Dropbox, Inc.)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-03-22]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Roberts Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46 192.168.1.1
Tcpip\..\Interfaces\{BD87AFBD-6DA4-4C77-95F7-A56E0B2AAB7E}: [DhcpNameServer] 208.59.247.45 208.59.247.46 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://g.msn.com/HPDSK/1
URLSearchHook: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {522055EF-C496-444D-9574-B78AE8C3575D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {522055EF-C496-444D-9574-B78AE8C3575D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 -> DefaultScope {4D643B2B-B043-4F6D-B426-1E10B87328F6} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MA95B2F96-1D49-4F0A-B353-4F9FC179A0B5&SearchSource=58&CUI=&UM=6&UP=SPAB6D3E2D-81DA-4956-81F6-5D0849904D27&q={searchTerms}&SSPV=SP21726TA_sp_ie
SearchScopes: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 -> {2B22ECC0-FEB4-4912-94FF-C491A05E5B06} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=^FV&apn_dtid=^YYYYYY^YY^US&apn_uid=FD8FDC34-78E7-4797-AA90-21E480671C58&apn_sauid=B5668CF0-8BF0-4E29-9922-8C31E22CCD03
SearchScopes: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 -> {4D643B2B-B043-4F6D-B426-1E10B87328F6} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 -> {522055EF-C496-444D-9574-B78AE8C3575D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 -> {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20110812&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-12-23] (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll [2013-07-15] ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-12-23] (Ask)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll [2013-07-15] ()
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {36103610-3232-3610-3610-323236103610} hxxps://sharecenter.myngc.com/im7/webdav/otdavview361.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-25] (Pando Networks)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4190836313-3339163880-859448109-1001: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-4190836313-3339163880-859448109-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Roberts Family\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-4190836313-3339163880-859448109-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Roberts Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4190836313-3339163880-859448109-1001: @talk.google.com/O1DPlugin -> C:\Users\Roberts Family\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4190836313-3339163880-859448109-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4190836313-3339163880-859448109-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4190836313-3339163880-859448109-1001: @us-w1.rockmelt.com/RockMelt Update;version=8 -> C:\Users\Roberts Family\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll [2011-08-19] (RockMelt Inc.)
FF Plugin HKU\S-1-5-21-4190836313-3339163880-859448109-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-25] (Pando Networks)
FF Plugin HKU\S-1-5-21-4190836313-3339163880-859448109-1001: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Roberts Family\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll [2009-05-01] (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-09-10] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2014-03-20] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2014-09-03] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll [2009-05-01] (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Users\Roberts Family\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Roberts Family\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Roberts Family\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-06-15] (Octoshape ApS)
FF SearchPlugin: C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\searchplugins\askcom.xml [2015-04-26]
FF SearchPlugin: C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\searchplugins\bing-zugo.xml [2011-08-12]
FF SearchPlugin: C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\searchplugins\bingp.xml [2013-07-25]
FF Extension: Ask Toolbar - C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\Extensions\[email protected] [2012-04-28]
FF Extension: Greasemonkey - C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012-08-06]
FF Extension: DivX Web Player - C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\Extensions\[email protected] [2011-07-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-07-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-02-04]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-02-04]
FF HKLM-x32\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF Extension: Coupons.com CouponBar - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2014-03-12]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP6235994A-288E-468F-8E8F-8EE0F72D5CDB&SSPV=SP21726TA_sp_ch
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Octoshape Streaming Services) - C:\Users\Roberts Family\AppData\Roaming\Mozilla\plugins\npoctoshape.dll (Octoshape ApS)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
CHR Plugin: (RockMelt Update) - C:\Users\Roberts Family\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Roberts Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Roberts Family\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Octoshape Streaming Services) - C:\Users\Roberts Family\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll => No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll => No File
CHR Profile: C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dropbox for Gmail) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-05-29]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-06-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-14]
CHR Extension: (AdBlock) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-05]
CHR Extension: (Freemake Video Converter) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-06-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR HKU\S-1-5-21-4190836313-3339163880-859448109-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\Roberts Family\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [aaaapoldfpilohhfkhihnhdckpackghi] - C:\Users\Roberts Family\AppData\Local\APN\GoogleCRXs\aaaapoldfpilohhfkhihnhdckpackghi_7.15.29.0.crx [2014-08-31]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-07-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-10-13] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-09-05] (Coupons.com Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-02-04] (Ellora Assets Corp.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-02-04] (Nalpeiron Ltd.) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-08-22] (Company) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-03-18] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [142424 2013-03-18] (SlySoft, Inc.)
S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2486416 2014-12-31] (MediaTek Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-15 20:47 - 2015-09-15 20:48 - 00047358 _____ C:\Users\Roberts Family\Desktop\FRST.txt
2015-09-15 20:46 - 2015-09-15 20:47 - 00000000 ____D C:\FRST
2015-09-15 20:45 - 2015-09-15 20:45 - 02191360 _____ (Farbar) C:\Users\Roberts Family\Desktop\FRST64.exe
2015-09-14 07:35 - 2015-09-14 07:35 - 00001847 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-14 07:35 - 2015-09-14 07:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-14 07:35 - 2015-09-14 07:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-09-11 20:22 - 2015-09-11 20:22 - 00011288 _____ C:\Users\Roberts Family\Downloads\Message (2).pgp
2015-09-11 12:22 - 2015-09-11 12:30 - 1480308598 ____R C:\Users\Roberts Family\Downloads\Jurassic.World.2015.HDRip.XViD.AC3-ETRG.avi
2015-09-11 12:22 - 2015-09-11 12:23 - 01533676 _____ C:\Users\Roberts Family\Downloads\~uTorrentPartFile_59BAB65B.dat
2015-09-11 10:03 - 2015-09-11 10:03 - 01574218 _____ C:\Users\Roberts Family\Downloads\Football--Coop-11-09-2015.mp4
2015-09-11 09:16 - 2015-09-11 09:17 - 13155552 _____ (Microsoft Corporation) C:\Users\Roberts Family\Downloads\Silverlight_x64.exe
2015-09-09 18:17 - 2015-09-09 18:17 - 00000040 _____ C:\Windows\system32\`Ê
2015-09-09 11:40 - 2015-09-09 11:40 - 42723838 _____ C:\Users\Roberts Family\Downloads\Batman 044 (2015) (2 covers) (Digital) (Zone-Empire).cbr
2015-09-08 20:42 - 2015-09-08 21:11 - 560972785 _____ C:\Users\Roberts Family\Downloads\ovrnght.mkv
2015-09-06 20:11 - 2015-09-06 20:26 - 1471871646 _____ C:\Users\Roberts Family\Downloads\RSHTM.2015.HDRip.XviD.AC3-EVO.avi
2015-09-06 09:02 - 2015-09-06 09:02 - 00080384 _____ C:\Users\Roberts Family\Downloads\32d8b135-812d-4005-aca4-a5cddd5825a0.wiz
2015-09-04 00:22 - 2015-09-04 00:22 - 00000000 ____D C:\Users\Roberts Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-03 11:17 - 2015-09-03 11:26 - 2780478375 _____ C:\Users\Roberts Family\Downloads\Minions.2015.720p.HDRip.X264.AC3-EVO.mkv
2015-09-02 18:57 - 2015-09-02 19:03 - 22573757 _____ C:\Users\Roberts Family\Downloads\Injustice - Gods Among Us - Year Four 018 (2015) (digital) (Son of Ultron-Empire).cbr
2015-09-02 15:12 - 2015-09-02 15:14 - 62067488 _____ C:\Users\Roberts Family\Downloads\We Stand On Guard 003 (2015) (digital) (Minutemen-Spaztastic).cbr
2015-09-02 12:55 - 2015-09-02 12:57 - 333228490 _____ C:\Users\Roberts Family\Downloads\Fear.The.Walking.Dead.S01E02.HDTV.x264-KILLERS.mp4
2015-08-28 16:23 - 2015-08-28 16:31 - 1048806728 _____ C:\Users\Roberts Family\Downloads\Southpaw.2015.720p.WEB-DL.999MB.ShAaNiG.mkv
2015-08-26 12:58 - 2015-08-26 12:58 - 46862876 _____ C:\Users\Roberts Family\Downloads\Fight Club 2 004 (2015) (digital) (Son of Ultron-Empire).cbr
2015-08-26 12:58 - 2015-08-26 12:58 - 29626597 _____ C:\Users\Roberts Family\Downloads\East of West 020 (2015) (Digital) (Zone-Empire).cbr
2015-08-26 12:57 - 2015-08-26 12:58 - 47735611 _____ C:\Users\Roberts Family\Downloads\Justice League Of America 03 (2015) (Webrip) (The Last Kryptonian-DCP).cbr
2015-08-26 12:57 - 2015-08-26 12:57 - 39899947 _____ C:\Users\Roberts Family\Downloads\Cyborg 02 (2015) (Webrip) (The Last Kryptonian-DCP).cbr
2015-08-26 12:36 - 2015-08-26 13:05 - 1301482535 _____ C:\Users\Roberts Family\Downloads\Avengers.Age.of.Ultron.2015.WEB-DL.x264-RARBG.mp4
2015-08-26 08:36 - 2015-09-15 20:41 - 00000954 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001UA.job
2015-08-26 08:36 - 2015-08-26 08:36 - 00003942 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001UA
2015-08-26 08:35 - 2015-09-15 08:40 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001Core.job
2015-08-26 08:35 - 2015-08-26 08:35 - 00003546 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001Core
2015-08-26 08:35 - 2015-08-26 08:35 - 00000000 ____D C:\Users\Roberts Family\AppData\Local\Dropbox
2015-08-26 08:35 - 2015-08-26 08:35 - 00000000 ____D C:\ProgramData\Dropbox
2015-08-25 19:25 - 2015-08-25 19:29 - 24364768 _____ C:\Users\Roberts Family\Downloads\Injustice - Gods Among Us - Year Four 017 (2015) (digital) (Son of Ultron-Empire).cbr
2015-08-25 19:21 - 2015-08-25 19:30 - 669029301 _____ C:\Users\Roberts Family\Downloads\452Aau.2015.720p.web-dl.x265_hevc_-_Team_Encodex265_-_Copy.mkv
2015-08-21 08:55 - 2015-08-21 08:58 - 1322774402 _____ C:\Users\Roberts Family\Downloads\A.A.G.2015.720p.HDRip.HEVC.x265.AC3-SANTi.mkv
2015-08-19 19:10 - 2015-08-19 19:14 - 22359838 _____ C:\Users\Roberts Family\Downloads\Injustice - Gods Among Us - Year Four 016 (2015) (digital) (Son of Ultron-Empire).cbr
2015-08-19 19:08 - 2015-08-19 19:08 - 36900148 _____ C:\Users\Roberts Family\Downloads\Invincible 122 (2015) (Digital) (Zone-Empire).cbr
2015-08-19 19:06 - 2015-08-19 19:07 - 40805055 _____ C:\Users\Roberts Family\Downloads\Justice League 043 (2015) (Webrip) (The Last Kryptonian-DCP).cbr
2015-08-19 19:05 - 2015-08-19 19:11 - 32776271 _____ C:\Users\Roberts Family\Downloads\Robin - Son of Batman 003 (2015) (digital-Oroboros).cbr
2015-08-16 18:13 - 2015-08-16 18:13 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-16 18:13 - 2015-08-16 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-16 18:12 - 2015-08-16 18:13 - 00000000 ____D C:\Program Files\iTunes
2015-08-16 18:12 - 2015-08-16 18:12 - 00000000 ____D C:\Program Files\iPod
2015-08-16 18:12 - 2015-08-16 18:12 - 00000000 ____D C:\Program Files (x86)\iTunes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-15 20:31 - 2012-04-22 18:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-15 20:13 - 2011-07-26 12:46 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001UA.job
2015-09-15 20:05 - 2011-08-19 12:00 - 00000964 _____ C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001UA.job
2015-09-15 19:20 - 2011-04-02 01:38 - 00000000 ____D C:\ProgramData\PDFC
2015-09-15 18:34 - 2012-11-15 11:55 - 00000000 ____D C:\ProgramData\Kodak
2015-09-15 18:24 - 2011-07-24 12:06 - 02071633 _____ C:\Windows\WindowsUpdate.log
2015-09-15 14:13 - 2011-07-26 12:46 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001Core.job
2015-09-15 14:08 - 2011-07-26 12:46 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001UA
2015-09-15 14:08 - 2011-07-26 12:46 - 00003536 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001Core
2015-09-15 12:05 - 2011-08-19 12:00 - 00000912 _____ C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001Core.job
2015-09-15 08:21 - 2011-07-26 17:39 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-15 02:00 - 2011-08-14 20:26 - 00000000 ____D C:\Users\Roberts Family\AppData\Local\Adobe
2015-09-12 21:21 - 2011-07-24 12:12 - 00353048 _____ C:\Users\Roberts Family\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-12 17:23 - 2011-07-28 09:18 - 00000000 ____D C:\Users\Roberts Family\AppData\Roaming\uTorrent
2015-09-11 09:26 - 2013-05-17 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-11 09:26 - 2013-05-17 14:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-11 09:26 - 2013-05-17 14:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-10 16:53 - 2011-07-26 12:46 - 00000000 ____D C:\Users\Roberts Family\AppData\Local\Google
2015-09-10 09:07 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-10 09:07 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-09 20:35 - 2012-08-07 21:28 - 00000000 ____D C:\Users\Roberts Family\AppData\Roaming\Skype
2015-09-09 20:33 - 2011-08-17 11:44 - 00000000 ____D C:\Users\Roberts Family\AppData\Local\Spotify
2015-09-09 20:31 - 2011-08-17 11:44 - 00000000 ____D C:\Users\Roberts Family\AppData\Roaming\Spotify
2015-09-09 18:51 - 2012-11-25 16:31 - 00000000 ____D C:\Users\Roberts Family\AppData\Local\PMB Files
2015-09-09 18:24 - 2014-08-12 16:53 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-09 18:24 - 2012-10-08 18:03 - 00000000 ___RD C:\Users\Roberts Family\Dropbox
2015-09-09 18:23 - 2013-01-12 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-09 18:23 - 2012-10-08 17:59 - 00000000 ____D C:\Users\Roberts Family\AppData\Roaming\Dropbox
2015-09-09 18:20 - 2013-06-23 13:48 - 00000040 ___SH C:\ProgramData\.zreglib
2015-09-09 18:18 - 2015-01-06 09:22 - 00000368 _____ C:\Windows\Tasks\HPCeeScheduleForRoberts Family.job
2015-09-09 18:18 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-09 18:15 - 2011-07-29 21:08 - 00000000 ____D C:\Users\Roberts Family\AppData\Roaming\SoftGrid Client
2015-09-04 09:09 - 2011-07-26 12:46 - 00002414 _____ C:\Users\Roberts Family\Desktop\Google Chrome.lnk
2015-08-26 18:14 - 2015-01-06 09:22 - 00003240 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRoberts Family
2015-08-25 21:33 - 2012-11-17 21:29 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForIONGRAPHX$
2015-08-25 21:33 - 2012-11-17 21:29 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForIONGRAPHX$.job
2015-08-16 18:12 - 2011-07-27 22:02 - 00000000 ____D C:\Program Files\Common Files\Apple
 
==================== Files in the root of some directories =======
 
2012-05-23 23:28 - 2012-05-23 23:32 - 0000132 _____ () C:\Users\Roberts Family\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-03-02 09:40 - 2013-03-02 09:41 - 0000132 _____ () C:\Users\Roberts Family\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-12-19 14:22 - 2013-12-19 14:22 - 0000132 _____ () C:\Users\Roberts Family\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2011-08-31 11:36 - 2012-09-17 00:21 - 0000132 _____ () C:\Users\Roberts Family\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-10-22 16:08 - 2015-04-23 17:44 - 0000132 _____ () C:\Users\Roberts Family\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-12-18 16:04 - 2012-12-21 21:11 - 0000580 _____ () C:\Users\Roberts Family\AppData\Local\cookies.ini
2012-11-15 23:55 - 2013-10-17 22:39 - 0029876 _____ () C:\Users\Roberts Family\AppData\Local\installer.log
2013-06-23 13:48 - 2015-09-09 18:20 - 0000040 ___SH () C:\ProgramData\.zreglib
 
Some files in TEMP:
====================
C:\Users\Roberts Family\AppData\Local\Temp\avgnt.exe
C:\Users\Roberts Family\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphfumtw.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-11 00:19
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Roberts Family (2015-09-15 20:49:04)
Running from C:\Users\Roberts Family\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-07-24 16:06:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4190836313-3339163880-859448109-500 - Administrator - Disabled)
Guest (S-1-5-21-4190836313-3339163880-859448109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4190836313-3339163880-859448109-1002 - Limited - Enabled)
Roberts Family (S-1-5-21-4190836313-3339163880-859448109-1001 - Administrator - Enabled) => C:\Users\Roberts Family
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{6F483F38-6162-7606-1D0B-054852C8E011}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.1.7.0 - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARO 2013 (HKLM\...\ARO 2013_is1) (Version: 8.0 - Support.com)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.29.0 - Ask.com) <==== ATTENTION
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitPim 1.0.7 (HKLM-x32\...\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1) (Version: 1.0.7 - Joe Pham <[email protected]>)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
CouponBar (HKLM-x32\...\CouponBar5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC++ 0.782 (HKLM-x32\...\DC++) (Version: 0.782 - Jacek Sieka)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
FileZilla Client 3.5.1 (HKLM-x32\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
Free Studio version 5.1.4 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Limited.)
Freemake Video Converter version 4.0.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.1 - Ellora Assets Corporation)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.0 - Ellora Assets Corporation)
Freez FLV to AVI/MPEG/WMV Converter (HKLM-x32\...\Freez FLV to AVI/MPEG/WMV Converter v1.6_is1) (Version: 1.6 - www.smallvideosoft.com)
Google Chrome (HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google SketchUp 8 (HKLM-x32\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Hawken (HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Hawken) (Version:  - Meteor Entertainment)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
iWisoft Flash SWF to Video Converter 3.4 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.4.0 - www.flash-swf-converter.com)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
Kodak AiO Software Patch (HKLM-x32\...\{A2879F30-135D-4744-97C0-9D5FCD3E8D34}) (Version: 7.6.12.20 - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
Learning Lodge Navigator (HKLM-x32\...\VTechDownloadManager) (Version:  - VTech)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKV to AVI Converter (HKLM-x32\...\{729E66B3-1B80-4F3F-8D19-342A89631E1A}_is1) (Version:  - )
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Nike+ Connect (HKLM-x32\...\Nike+ Connect) (Version: 6.6.32 - Nike)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Octoshape Streaming Services (HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
[email protected] (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFMate Free PDF Merger 1.0.8 (HKLM-x32\...\PDFMate Free PDF Merger_is1) (Version:  - pdfmate.com)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Perfect Resize 7.0.1 Professional Edition (HKLM-x32\...\{FCADA4FF-142C-42A8-B73C-0A54A7F83345}) (Version: 7.0.1 - onOne Software)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.53.0 - Mediatek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
RockMelt (HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\RockMelt) (Version: 0.16.91.483 - RockMelt, Inc.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.0.0.4 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.0.0 - Shutterfly, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.5.2 - )
Spotify (HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version:  - Cryptic Studios)
SWF to AVI (HKLM-x32\...\{3315B802-84C6-47BC-907A-9B77A4646197}_is1) (Version:  - www.swftoavi.com)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.1 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Updater (HKU\S-1-5-21-4190836313-3339163880-859448109-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.35882 - Ask.com) <==== ATTENTION
VC80CRTRedist - 8.0.50727.762 (x32 Version: 1.0.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC Streamer 2.51 (HKLM-x32\...\VLC Streamer_is1) (Version:  - )
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wondershare Dr.Fone for iOS(Build 4.1.1.5) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.1.1.5 - Wondershare Software Co.,Ltd.)
XMedia Recode version 3.1.2.2 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.2.2 - XMedia Recode)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4190836313-3339163880-859448109-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Roberts Family\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
02-09-2015 00:04:38 Scheduled Checkpoint
09-09-2015 01:47:22 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-07-29 18:53 - 00000128 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
਍⸰⸰⸰ऱ獭灳畬⹳捭晡敥挮浯਍
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {080AD066-1532-4BC6-B584-32A3DF72750D} - System32\Tasks\HPCeeScheduleForIONGRAPHX$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {0FE88D3A-9B16-4A7E-A213-D5AB7BF063D9} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: {158003A2-290C-4ECB-BE8E-503FDCA9A4F1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2972E87A-4577-4122-9B51-1CE61D151706} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {30753F31-1FB7-49F5-83A8-252D74C2C177} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {333B0D89-14F7-43FB-A917-0F06F0DDF448} - System32\Tasks\{60A5FCC0-96EF-4439-840D-FD0AEE7AC45B} => pcalua.exe -a "C:\Users\Roberts Family\Downloads\FirmwareFlashLauncher.exe" -d "C:\Users\Roberts Family\Downloads"
Task: {4009F7F4-7B35-4F4A-A928-8EE725851CED} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001UA => C:\Users\Roberts Family\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-08-19] (RockMelt Inc.)
Task: {59CF60D2-C000-4F96-A3DD-6518DE80F8B5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-12-23] () <==== ATTENTION
Task: {6F11749F-6893-4B49-8723-80D4B707707D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001Core => C:\Users\Roberts Family\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {792DB1AC-0811-457F-9446-7EC64DFB46EF} - System32\Tasks\{17629013-34CE-48BB-85AE-CFD33CADD85B} => pcalua.exe -a "C:\Users\Roberts Family\Downloads\64bit_Win7_Win8_Win81_R275.exe" -d "C:\Users\Roberts Family\Downloads"
Task: {83FEE5DD-CDD4-4B34-B94D-18C78472848D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001UA => C:\Users\Roberts Family\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8998E8B3-DB39-4213-B7BB-53A7E96C130B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {97BD8FAF-8C7F-427E-A324-07AE61FEC6D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {98637FC5-1338-41E1-8E97-51AA9AB34DF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {9F3BEA8B-E7A8-436A-9409-7535BB273C84} - System32\Tasks\AdobeAAMUpdater-1.0-IONGRAPHX-Roberts Family => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A3CDDDF2-6C33-44F3-AAF9-5CD6B1BB2BCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A7319C59-6135-493A-9CAB-21266F8313E8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001Core => C:\Users\Roberts Family\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-26] (Dropbox, Inc.)
Task: {CC295274-F2DD-4DF9-BEF6-514C9B924E66} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001UA => C:\Users\Roberts Family\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-26] (Dropbox, Inc.)
Task: {D191A647-4CC9-439C-BB0C-D3FBA9ECE6C3} - System32\Tasks\HPCeeScheduleForRoberts Family => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {DD02294F-0274-4BCA-A38E-A1B4A697F459} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F3548499-6DEF-4119-9907-AFE2AD813FAE} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001Core => C:\Users\Roberts Family\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-08-19] (RockMelt Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001Core.job => C:\Users\Roberts Family\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001UA.job => C:\Users\Roberts Family\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001Core.job => C:\Users\Roberts Family\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001UA.job => C:\Users\Roberts Family\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForIONGRAPHX$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRoberts Family.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001Core.job => C:\Users\Roberts Family\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4190836313-3339163880-859448109-1001UA.job => C:\Users\Roberts Family\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-08-12 14:32 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-10-13 15:44 - 2011-10-13 15:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-07 23:10 - 2012-11-07 22:26 - 00377800 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
2010-02-03 09:36 - 2010-02-03 09:36 - 00087488 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2011-10-13 15:44 - 2011-10-13 15:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-10-13 16:01 - 2011-10-13 16:01 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-02 14:03 - 2011-11-02 14:03 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2009-06-17 11:40 - 2009-06-17 11:40 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-06-17 11:40 - 2009-06-17 11:40 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-06-17 11:40 - 2009-06-17 11:40 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-09 18:21 - 2015-09-09 18:21 - 00071168 ____N () c:\Users\Roberts Family\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphfumtw.dll
2015-08-26 08:40 - 2015-08-05 01:26 - 00012800 _____ () C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-08-26 08:40 - 2015-08-05 01:26 - 00779776 _____ () C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-26 08:40 - 2015-08-05 01:26 - 00056320 _____ () C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-26 08:40 - 2015-08-05 01:26 - 00012288 _____ () C:\Users\Roberts Family\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-02-09 22:46 - 2010-06-23 21:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
2012-02-09 22:46 - 2010-07-13 09:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
2012-02-09 22:46 - 2010-06-01 22:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
2012-02-09 22:46 - 2010-06-01 22:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
2012-11-07 23:10 - 2012-08-06 05:54 - 09843640 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
2012-02-09 22:46 - 2010-06-01 22:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
2012-02-09 22:46 - 2010-06-01 22:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
2012-02-09 22:46 - 2010-07-05 05:19 - 00116736 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2012-02-09 22:46 - 2010-11-11 05:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
2012-02-09 22:46 - 2010-06-02 01:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2011-08-28 17:19 - 2011-08-28 17:19 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2002-05-14 18:26 - 2002-05-14 18:26 - 00158208 _____ () C:\Program Files (x86)\CDisplay\UNRAR.DLL
2015-09-04 09:08 - 2015-08-27 20:17 - 01501512 _____ () C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-04 09:08 - 2015-08-27 20:17 - 00081224 _____ () C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-09-04 09:08 - 2015-08-27 20:17 - 16393032 _____ () C:\Users\Roberts Family\AppData\Local\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4190836313-3339163880-859448109-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roberts Family\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.59.247.45 - 208.59.247.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{83042AF0-5A5E-4CC3-B9FB-B5198A7E4DB8}] => (Allow) LPort=9322
FirewallRules: [{2782CFDE-CF11-4D6C-904E-7814F24F4753}] => (Allow) LPort=5353
FirewallRules: [TCP Query User{23D5A6B2-AF24-49B8-B930-94EEA0D7CC8C}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Block) C:\program files (x86)\pando networks\media booster\pmb.exe
FirewallRules: [UDP Query User{369CBD84-5416-4292-A2E5-F9A0B5F32C5B}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Block) C:\program files (x86)\pando networks\media booster\pmb.exe
FirewallRules: [TCP Query User{5B795AA6-6680-433F-BB6A-8CACD6B5189B}C:\program files (x86)\dc++\dcplusplus.exe] => (Allow) C:\program files (x86)\dc++\dcplusplus.exe
FirewallRules: [UDP Query User{6EBFCC0E-599D-40F9-A978-BB5977239ADF}C:\program files (x86)\dc++\dcplusplus.exe] => (Allow) C:\program files (x86)\dc++\dcplusplus.exe
FirewallRules: [{2D2085EC-541E-4E41-91F1-0792C0F67C0B}] => (Allow) C:\Users\Roberts Family\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{8697E4C8-C6AD-4A90-8D5B-E90FD646A2D3}] => (Allow) C:\Users\Roberts Family\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{86A65A69-2AA0-4C31-B82F-6F3D1D5CA217}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EFF13437-5EBB-406F-990D-9BC956DB8694}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0BE3D82C-D0FF-4D34-AE76-8C4CA54F36A0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{139FED09-7609-476D-AF95-16148EA4CFBB}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{AC5723B3-B969-4F1B-ACD5-72292C73AFB3}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{33FC73BB-D5F0-456F-9514-4053F2ED49FB}] => (Allow) C:\Users\Roberts Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{128A2D79-6662-4369-8CF8-7A7BB143BC7F}] => (Allow) C:\Users\Roberts Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{47A69025-E1D3-444B-96F9-77A27B14A6EF}] => (Allow) LPort=5353
FirewallRules: [{960F7A65-D619-47CF-946A-2EF400DAA473}] => (Allow) LPort=9322
FirewallRules: [{5B4023D7-8E86-47C6-9AB0-70C12C9CFF75}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{0E3E83D1-8874-4A1C-96E9-1344B26B0DCF}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{4408FA2D-8C95-46DA-B0B0-77F993C76227}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{A0277DB0-1EF8-4668-9BC7-9A9A03EDB635}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{A4A8C19B-DBD4-4ABA-A2F8-E7884146F71C}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{DA9CA7E7-5B4D-49C0-8C93-3573AF6315E3}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{64053710-C725-4204-8A60-B86934C9FA58}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{ADF0AB6D-A59A-41F1-97C7-82DD230F1F9F}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{58A89EFA-5A99-47B8-AC2B-C33E45E0C202}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{8E55F0BD-E9FF-424C-A37D-9DC02D11FADA}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [TCP Query User{BC7AE3A4-6545-4F5B-AEB9-123BC89404B9}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Block) C:\program files (x86)\pando networks\media booster\pmb.exe
FirewallRules: [UDP Query User{A7D80A96-C334-40F5-8C85-0B7E4AC688A8}C:\program files (x86)\pando networks\media booster\pmb.exe] => (Block) C:\program files (x86)\pando networks\media booster\pmb.exe
FirewallRules: [TCP Query User{A4B5F6A5-1864-41AC-823E-D7EC670D75CF}C:\users\roberts family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roberts family\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{08AEA3B2-FF02-4C5B-9900-E78BC068E7B5}C:\users\roberts family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roberts family\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E1CEE0E8-83D9-4E42-BB4B-B4C2135423E5}C:\users\roberts family\downloads\pct\popcorn-time.exe] => (Allow) C:\users\roberts family\downloads\pct\popcorn-time.exe
FirewallRules: [UDP Query User{C11855E1-F790-4C58-AFF8-FB1CBAC7C687}C:\users\roberts family\downloads\pct\popcorn-time.exe] => (Allow) C:\users\roberts family\downloads\pct\popcorn-time.exe
FirewallRules: [{7183E2C6-04EC-48F1-AD52-1D44FE51F9DB}] => (Allow) C:\Users\Roberts Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2A5F1AD5-7543-44CD-900B-D9094B381ACA}] => (Allow) C:\Users\Roberts Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{18577929-7015-4F66-BCD2-0289B2486B55}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{D19BF8C7-4FC0-40B3-88F2-930575DFBBE8}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{0B134501-0508-46CE-834F-4AE89E53FBB8}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeUpdater.exe
FirewallRules: [{F35C6DB5-45CD-40E4-8A24-3B7C8E599CF4}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeUpdater.exe
FirewallRules: [{82FD62D0-F2A4-470A-964F-2557A49B6AC5}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{0D18EB4F-EBF2-4E9B-A399-F83A51011021}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [TCP Query User{0415A473-1E75-4683-93C9-114FC4A5B343}C:\users\roberts family\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\roberts family\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{2792CDF3-A264-4A79-BA23-14367D869D07}C:\users\roberts family\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\roberts family\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{F2D06F68-3E70-4334-858D-902A25A585BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0FC7D48E-7FEC-43C0-AF8E-D8D320C3C205}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{96033908-FE7A-4E6C-9D9C-898697ECCE64}C:\users\roberts family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roberts family\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BC8A0CE6-5864-4442-A035-B81A360CFDA4}C:\users\roberts family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roberts family\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0AF6F949-3E49-424A-9DE1-026F345B2DAF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BA7CAC52-158D-4DDA-9637-39715342C9DE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2015 08:05:14 PM) (Source: Google Update) (EventID: 20) (User: IONGRAPHX)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072
 
Error: (09/15/2015 07:05:14 PM) (Source: Google Update) (EventID: 20) (User: IONGRAPHX)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072
 
Error: (09/15/2015 06:05:14 PM) (Source: Google Update) (EventID: 20) (User: IONGRAPHX)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072
 
Error: (09/15/2015 05:05:14 PM) (Source: Google Update) (EventID: 20) (User: IONGRAPHX)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072
 
Error: (09/15/2015 04:05:14 PM) (Source: Google Update) (EventID: 20) (User: IONGRAPHX)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072
 
Error: (09/15/2015 03:05:14 PM) (Source: Google Update) (EventID: 20) (User: IONGRAPHX)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072
 
Error: (09/15/2015 02:05:14 PM) (Source: Google Update) (EventID: 20) (User: IONGRAPHX)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072
 
Error: (09/15/2015 01:05:14 PM) (Source: Google Update) (EventID: 20) (User: IONGRAPHX)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072
 
Error: (09/15/2015 12:05:14 PM) (Source: Google Update) (EventID: 20) (User: IONGRAPHX)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072
 
Error: (09/15/2015 11:05:14 AM) (Source: Google Update) (EventID: 20) (User: IONGRAPHX)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072
 
 
System errors:
=============
Error: (09/13/2015 02:33:42 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer LINKSYS31859
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BD87AFBD-6DA4-4C77-95F7-A56E0B2AAB7E}.
The master browser is stopping or an election is being forced.
 
Error: (09/13/2015 01:27:49 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer LINKSYS31859
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BD87AFBD-6DA4-4C77-95F7-A56E0B2AAB7E}.
The master browser is stopping or an election is being forced.
 
Error: (09/09/2015 07:47:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (09/09/2015 06:19:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Media Center Extender Service service failed to start due to the following error: 
%%1079
 
Error: (09/09/2015 06:19:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update service service failed to start due to the following error: 
%%1053
 
Error: (09/09/2015 06:19:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Update service service to connect.
 
Error: (09/09/2015 06:19:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
 
Error: (08/28/2015 05:19:00 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/28/2015 05:19:00 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/28/2015 05:19:00 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
 
CodeIntegrity:
===================================
  Date: 2011-07-26 10:54:02.180
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-25 15:19:56.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-25 14:46:11.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-25 13:41:13.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-25 13:25:39.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-25 13:08:11.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-25 12:48:12.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-25 10:57:17.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-25 10:14:06.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-25 09:41:19.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X4 645 Processor
Percentage of memory in use: 57%
Total physical RAM: 5887.29 MB
Available physical RAM: 2526.22 MB
Total Virtual: 11772.75 MB
Available Virtual: 5488.6 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:920.27 GB) (Free:286.92 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive j: (ROBERTS HD) (Fixed) (Total:1863.01 GB) (Free:1461.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2DE1A8EB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: F36F89A7)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by BIGROD, 16 September 2015 - 05:56 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting the redirects ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MA95B2F96-1D49-4F0A-B353-4F9FC179A0B5&SearchSource=58&CUI=&UM=6&UP=SPAB6D3E2D-81DA-4956-81F6-5D0849904D27&q={searchTerms}&SSPV=SP21726TA_sp_ie
URLSearchHook: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4190836313-3339163880-859448109-1001 -> {2B22ECC0-FEB4-4912-94FF-C491A05E5B06} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=^FV&apn_dtid=^YYYYYY^YY^US&apn_uid=FD8FDC34-78E7-4797-AA90-21E480671C58&apn_sauid=B5668CF0-8BF0-4E29-9922-8C31E22CCD03
FF Extension: Ask Toolbar - C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\Extensions\[email protected] [2012-04-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP6235994A-288E-468F-8E8F-8EE0F72D5CDB&SSPV=SP21726TA_sp_ch
CHR HKU\S-1-5-21-4190836313-3339163880-859448109-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\Roberts Family\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx [2012-11-19]
Task: {59CF60D2-C000-4F96-A3DD-6518DE80F8B5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-12-23] () <==== ATTENTION
Hosts:
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
BIGROD

BIGROD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
# AdwCleaner v5.008 - Logfile created 18/09/2015 at 10:25:50
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Roberts Family - IONGRAPHX
# Running from : C:\Users\Roberts Family\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[x] Service Not Deleted : CouponPrinterService
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Ask.com
[-] Folder Deleted : C:\Program Files (x86)\Coupons.com CouponBar
[-] Folder Deleted : C:\Program Files (x86)\Coupons
[!] Folder Not Deleted : C:\Program Files (x86)\Coupons
[!] Folder Not Deleted : C:\Program Files (x86)\Coupons.com CouponBar
[-] Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB
[-] Folder Deleted : C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[-] Folder Deleted : C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[!] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Roberts Family\AppData\Local\apn
[-] Folder Deleted : C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
[-] Folder Deleted : C:\Users\Roberts Family\AppData\LocalLow\AskToolbar
[-] Folder Deleted : C:\Users\Roberts Family\AppData\LocalLow\Toolbar4
[-] Folder Deleted : C:\Users\Roberts Family\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Roberts Family\AppData\Roaming\StartNow Toolbar
[-] Folder Deleted : C:\Users\Roberts Family\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\Extensions\[email protected]
[-] Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Roberts Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Check PC for Errors.lnk
[-] File Deleted : C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\searchplugins\Askcom.xml
[-] File Deleted : C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\searchplugins\bingp.xml
[-] File Deleted : C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Roberts Family\Desktop\Check PC for Errors.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Scheduled Update for Ask Toolbar
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
[-] Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
[-] Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8660E5B3-6C41-44DE-8503-98D99BBECD41}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
[-] Key Deleted : HKCU\Software\APN
[-] Key Deleted : HKCU\Software\Ask.com
[-] Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKLM\SOFTWARE\APN
[-] Key Deleted : HKLM\SOFTWARE\AskToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.2
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponBar5.0.0.4
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}
[!] Key Not Deleted : [x64] HKCU\Software\APN
[!] Key Not Deleted : [x64] HKCU\Software\Ask.com
[!] Key Not Deleted : HKU\S-1-5-21-4190836313-3339163880-859448109-1001\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2B22ECC0-FEB4-4912-94FF-C491A05E5B06}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2B22ECC0-FEB4-4912-94FF-C491A05E5B06}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
[!] Key Not Deleted : HKU\S-1-5-21-4190836313-3339163880-859448109-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[!] Key Not Deleted : HKU\S-1-5-21-4190836313-3339163880-859448109-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2B22ECC0-FEB4-4912-94FF-C491A05E5B06}
[!] Key Not Deleted : HKU\S-1-5-21-4190836313-3339163880-859448109-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.apn_dbr", "cr_36.0.1985.143");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.cbid", "^FV");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.config-updated", false);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.cr-o", "14594cr");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.crumb", "2014.08.31+13.19.06-dfprdapntlfe2-US-QnJpc3RvdyxWQSxVbml0ZWQgU3RhdGVz");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.displaybehavior", "");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.displaytext", "");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^US");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.fresh-install", false);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.guid", "FD8FDC34-78E7-4797-AA90-21E480671C58");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.hpr", "YES");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.if", "su");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.keyword-toggled-in-session", false);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.last-config-req", "1430097090672");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.locale", "en_US");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.location", "Bristow,VA,United States");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.lstation", "");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.news-native-on", true);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.nthp", "YES");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.nthp_prev", "0");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.o", "14594");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.pstate", "");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.qsrc", "2871");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.r", "21");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.sa", "YES");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.saguid", "B5668CF0-8BF0-4E29-9922-8C31E22CCD03");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.silent-upgrade", true);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.slwo", "0");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.socialmini-first", true);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.themeid", "");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.timeinstalled", "8/31/2014 1:19:29 PM");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.to", "");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.v", "3.15.29.100013");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.version", "5.15.29.67612");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.volume", "");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:0.9.22,fmconverter%40gmail.com:1.0.0,fmdownloader%40gmail.com:1.0.0,ytfmdownloader%[...]
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\4kqza45f.default\prefs.js] [Preference] Deleted : user_pref("id_couponscom.searchengine", "Yahoo");
[-] [C:\Users\Roberts Family\AppData\Roaming\Mozilla\Firefox\Profiles\p47t0h43.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff");
[-] [C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : incfcgceegpikennjoplhfghaaikdgei
[-] [C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jbolfgndggfhhpbnkgnpjkfhinclbigj
[-] [C:\Users\Roberts Family\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP6235994A-288E-468F-8E8F-8EE0F72D5CDB&SSPV=SP21726TA_sp_ch
 
*************************
 
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner[S1].txt - [8940 bytes] - [22/06/2013 12:56:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [32018 bytes] ##########

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the redirects still occurring ? Also are there any other problems
  • 0

#5
BIGROD

BIGROD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

The issue seems to be corrected now. Haven't seen the pop-up lately.


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP