Can you see what is stopping my Disk Defrag from being able to open and run with this?? If so, can we work on fixing that as well please?? Thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2017
Ran by breakmydreams (administrator) on HANSONNUTT (13-07-2017 14:21:16)
Running from C:\Users\breakmydreams\Desktop
Loaded Profiles: breakmydreams (Available Profiles: breakmydreams)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\windows\System32\atiesrxx.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\NielsenOnline64.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [194400 2016-03-03] (The Nielsen Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23743808 2016-05-04] (Dropbox, Inc.)
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\MountPoints2: {c1d8d66d-0f6c-11e3-b96b-00266c08a449} - G:\windows\AutoRun.exe {430A8AE3-8898-4DAB-8C5B-5E8ADA7D571E} 3.0.0.02 VID_19D2&PID_0358 {9B00E99F-83A4-40d4-B987-7EB04F722BB7}
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\breakmydreams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-07-10]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{63C4EE6D-8FF2-47D1-A936-3E88325F2848}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{D3814425-7DAD-4CAF-9D53-DB5F7D0F323B}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {18C3FD15-74F6-4280-9C98-3590C966B7B8} hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: HKLM-x32 {2C153C75-8476-434B-B3C3-57B63A3D1939} hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: HKLM-x32 {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: HKLM-x32 {483EB14D-AF1C-4951-81B0-4E2B41829FF6} hxxps://assess.shlonline.com/cabs/QOLCheck.ocx
DPF: HKLM-x32 {555F1BBC-6EC2-474F-84AF-633EF097FF54} hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
DPF: HKLM-x32 {61900274-3323-4446-BDCD-91548D32AF1B} hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: HKLM-x32 {62969CF2-0F7A-433B-A221-FD8818C06C2F} hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: HKLM-x32 {95A311CD-EC8E-452A-BCEC-B844EB616D03} hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: HKLM-x32 {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: HKLM-x32 {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: HKLM-x32 {BB637307-92FA-47EC-B3F7-6969078673CC} hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: HKLM-x32 {C5326A4D-E9AA-40AD-A09A-E74304D86B47} hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: HKLM-x32 {C82BB209-F528-46F9-96D5-69DEF7260916} hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: HKLM-x32 {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: HKLM-x32 {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: HKLM-x32 {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
FireFox:
========
FF ProfilePath: C:\Users\breakmydreams\AppData\Roaming\Mozilla\Firefox\Profiles\3uictqyy.default-1444867216056 [2017-07-06]
FF Extension: (Qmee) - C:\Users\breakmydreams\AppData\Roaming\Mozilla\Firefox\Profiles\3uictqyy.default-1444867216056\Extensions\
[email protected] [2016-01-05]
FF Extension: (No Name) - C:\Users\breakmydreams\AppData\Roaming\Mozilla\Firefox\Profiles\3uictqyy.default-1444867216056\extensions\
[email protected] [not found]
FF Extension: (Nielsen NetSight) - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\
[email protected] [2017-07-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin64.dll [2014-11-03] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll [2014-01-28] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-02-22] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-19] (Pando Networks)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-05] (Google Inc.)
FF Plugin-x32: @worldwinner.com/Launcher2,version=1.10.0.25 -> C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll [2011-03-17] (WorldWinner.com, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2178555272-1815042791-136943586-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\breakmydreams\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2178555272-1815042791-136943586-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\breakmydreams\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-10-19] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2178555272-1815042791-136943586-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-19] (Pando Networks)
FF Plugin HKU\S-1-5-21-2178555272-1815042791-136943586-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/?pc=U162&form=U162HP
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=U162&form=U162HP","hxxp://www.cassiopessa.com/?f=7&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=","hxxp://www.cassiopessa.com/?f=1&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=&uref=chmm"
CHR Profile: C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
CHR Extension: (Nielsen NetSight) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgmmbefnahabhcchpfkobeindpppflc [2017-07-05]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-07-07]
CHR Extension: (Savings Alerts) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflpeapppfijfecjmibidlnfggdifmic [2017-07-05]
CHR Extension: (Screenwise Meter) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmieefkpoaagiboijfjhidningfpomge [2017-07-05]
CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2017-07-05]
CHR Extension: (OneStopGPT) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahagolkpaghhinaljhjihagjgomdokb [2014-03-10] [UpdateUrl: hxxps://s3.amazonaws.com/com.alexa.toolbar/autoupdate/atbpg/update.xml] <==== ATTENTION
CHR Extension: (Klout) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak [2015-07-12]
CHR Extension: (Skype) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-05]
CHR Extension: (Qmee) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-07-05]
CHR Extension: (MyPoints Score) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcglgmippekbdbmniknikdgkmnnpdnmh [2017-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-05]
CHR Extension: (Chrome Media Router) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-07]
CHR HKLM\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2178555272-1815042791-136943586-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iahagolkpaghhinaljhjihagjgomdokb] - C:\Users\breakmydreams\AppData\Local\Alexa\atbpg-SmCPIj-1.3.crx [2014-01-10]
CHR HKLM-x32\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-11] (Dropbox, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [3170144 2016-03-03] (The Nielsen Company)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AppObserver; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\appobserver64.sys [15200 2016-03-03] (The Nielsen Company)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2017-07-06] (Malwarebytes)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\nnfwdk64.sys [26464 2016-03-03] (The Nielsen Company)
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R1 VBoxNetAdp; C:\windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-13 14:21 - 2017-07-13 14:22 - 00021934 _____ C:\Users\breakmydreams\Desktop\FRST.txt
2017-07-12 19:30 - 2017-07-12 19:30 - 00001072 _____ C:\July 12th Scan log.txt
2017-07-12 19:30 - 2017-07-12 19:30 - 00000334 _____ C:\July 12th Protection log.txt
2017-07-12 19:29 - 2017-07-12 19:29 - 00005435 _____ C:\July 5th Protection Log.txt
2017-07-12 19:29 - 2017-07-12 19:29 - 00004885 _____ C:\July 5th Scan Log.txt
2017-07-12 19:28 - 2017-07-12 19:28 - 00000247 _____ C:\July 4th 2017 Protection log.txt
2017-07-10 17:10 - 2017-07-10 17:10 - 00007184 _____ C:\Users\breakmydreams\Desktop\JRT.txt
2017-07-10 16:28 - 2017-07-10 16:51 - 00000000 ____D C:\AdwCleaner
2017-07-10 16:27 - 2017-07-10 16:26 - 01663672 _____ (Malwarebytes) C:\Users\breakmydreams\Desktop\JRT.exe
2017-07-10 16:27 - 2017-07-10 16:21 - 04110280 _____ C:\Users\breakmydreams\Desktop\adwcleaner_6.047.exe
2017-07-06 18:04 - 2017-07-07 16:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-06 17:51 - 2017-07-07 16:41 - 00000000 ____D C:\Users\breakmydreams\Desktop\mbar
2017-07-06 17:50 - 2017-07-06 17:06 - 16563352 _____ (Malwarebytes Corp.) C:\Users\breakmydreams\Desktop\mbar-1.09.3.1001.exe
2017-07-06 13:44 - 2017-07-06 13:44 - 00000000 ____D C:\Users\breakmydreams\AppData\Roaming\Google
2017-07-06 13:36 - 2017-07-06 13:40 - 00024946 _____ C:\Users\breakmydreams\Desktop\Fixlog.txt
2017-07-05 19:51 - 2017-07-05 19:55 - 00050408 _____ C:\Users\breakmydreams\Downloads\Addition.txt
2017-07-05 19:48 - 2017-07-05 19:55 - 00034937 _____ C:\Users\breakmydreams\Downloads\FRST.txt
2017-07-05 19:46 - 2017-07-13 14:21 - 00000000 ____D C:\FRST
2017-07-05 19:45 - 2017-07-13 14:10 - 02435584 _____ (Farbar) C:\Users\breakmydreams\Desktop\FRST64.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-13 14:21 - 2009-07-14 01:13 - 00006502 _____ C:\windows\system32\PerfStringBackup.INI
2017-07-13 14:17 - 2016-02-11 18:09 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-07-13 14:16 - 2012-04-24 22:36 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-07-12 19:26 - 2014-06-28 10:37 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 19:22 - 2016-02-11 18:08 - 00000918 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-07-12 13:53 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-12 13:53 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-10 16:49 - 2014-10-30 15:46 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-10 16:45 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-07-10 16:38 - 2012-04-24 22:29 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-07-10 16:37 - 2012-04-24 22:36 - 00000000 ____D C:\Users\breakmydreams\AppData\LocalLow\Yahoo!
2017-07-07 16:25 - 2015-04-05 06:57 - 00000000 ___SD C:\windows\SysWOW64\GWX
2017-07-07 16:25 - 2015-04-05 06:57 - 00000000 ___SD C:\windows\system32\GWX
2017-07-07 16:24 - 2012-05-19 16:41 - 00002155 _____ C:\windows\epplauncher.mif
2017-07-07 16:24 - 2012-05-19 16:40 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-07-07 16:24 - 2012-05-19 16:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-07-07 16:23 - 2012-05-19 16:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-07-07 16:22 - 2014-12-10 20:24 - 00000000 ____D C:\windows\system32\appraiser
2017-07-06 17:51 - 2014-06-28 10:36 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2017-07-06 13:44 - 2014-02-22 13:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-06 13:40 - 2012-04-19 16:06 - 00000000 ____D C:\Users\breakmydreams\AppData\LocalLow\Temp
2017-07-06 13:38 - 2012-04-18 22:08 - 00000000 ____D C:\Users\breakmydreams
2017-07-06 13:34 - 2012-02-25 09:44 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-05 19:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2017-07-05 19:08 - 2012-02-25 09:44 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-05 19:08 - 2012-02-25 09:44 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-05 19:04 - 2016-02-11 18:09 - 00003918 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-07-05 19:04 - 2016-02-11 18:08 - 00003666 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-07-04 22:07 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
==================== Files in the root of some directories =======
2013-03-06 01:03 - 2012-09-21 05:29 - 0196608 _____ () C:\Users\breakmydreams\AppData\Local\common_functions.dll
2012-09-21 05:29 - 2012-09-21 05:29 - 0114688 _____ () C:\Users\breakmydreams\AppData\Local\ie_runner_app.exe
2013-03-06 01:03 - 2012-06-26 06:59 - 0940544 _____ (Apache Software Foundation) C:\Users\breakmydreams\AppData\Local\log4cxx.dll
2015-08-25 23:41 - 2015-08-25 23:41 - 0000057 _____ () C:\ProgramData\Ament.ini
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-23 08:21
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by breakmydreams (13-07-2017 14:24:02)
Running from C:\Users\breakmydreams\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-04-19 02:08:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2178555272-1815042791-136943586-500 - Administrator - Disabled)
breakmydreams (S-1-5-21-2178555272-1815042791-136943586-1001 - Administrator - Enabled) => C:\Users\breakmydreams
Guest (S-1-5-21-2178555272-1815042791-136943586-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2178555272-1815042791-136943586-1008 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.19.34 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.61.1 - Dropbox, Inc.) Hidden
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
Firefly Online Cortex (HKLM-x32\...\Steam App 343750) (Version: - Spark Plug Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
iSpQ VideoChat 9 (HKLM-x32\...\{A03E40E6-5395-46FC-A128-6997FC9D7080}) (Version: 9.1.25 - nanoCom Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Nielsen (HKLM-x32\...\NetSight) (Version: - )
Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype Web Plugin (HKLM-x32\...\{15AF46DB-9EBA-4662-AA52-29EF23585035}) (Version: 3.2.0.23388 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SwagButton (HKLM-x32\...\{7967795F-ADBE-477F-8777-AF6195210D2B}) (Version: 167.0.107 - Prodege)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.44109 - TeamViewer)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WorldWinner Games (HKLM-x32\...\{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}) (Version: 1.10.0.25 - WorldWinner.com, Inc.)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version: - PopCap Games)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-04] (Dropbox, Inc.)
ContextMenuHandlers01: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers01: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers01: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers02: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2015-10-05] (Malwarebytes)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-04] (Dropbox, Inc.)
ContextMenuHandlers04: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-06-08] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-04] (Dropbox, Inc.)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2015-10-05] (Malwarebytes)
ContextMenuHandlers06: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers06: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {10295993-B5CF-4E7B-8BCD-A7B059CA6EF1} - System32\Tasks\{45F4F7F7-8066-40B5-A10D-DB16E710B817} => C:\Users\breakmydreams\Documents\MapleStory\MapleStorySetupV151.exe
Task: {368AFE89-DCB8-4692-8B3B-38E911DF4503} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {451E0786-11FD-4F89-88C7-AE517EF60174} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {519B7C82-5BFD-4200-BDD3-FE5C77A008D7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-11] (Dropbox, Inc.)
Task: {54B09701-C83A-4066-A9CF-2025C2C5C53C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {64DDCDD2-C577-4DCC-9BA5-1987CFB7B181} - System32\Tasks\{5432D8DA-BFCC-454E-83F8-E822B2191864} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-05-18] (Blizzard North)
Task: {7A7A551C-16BF-408A-A17E-CF5D4C10D5CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {8F72254D-B3FC-45EC-8A8F-4D558A0F1A87} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {98E1924F-96FE-48CB-9BF5-44306D1B4CF0} - System32\Tasks\{19121881-E303-4594-9947-4BCEB8C7513C} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-05-18] (Blizzard North)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\windows\system32\srtasks.exe
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\windows\System32\LocationNotificationWindows.exe
Task: {B5EBE78B-DE8F-4953-9358-4B84AF2194E1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {BD82E19D-148A-44AA-95E6-9E13E5AA1AE3} - System32\Tasks\{EE8A8259-326C-451C-999E-A40DF7183AA3} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-05-18] (Blizzard North)
Task: {BEA72C03-771C-4E95-A7FE-D49A10529E23} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {C654A81A-6872-441B-8381-8EAF74CBCABE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-11] (Dropbox, Inc.)
Task: {D3868BD1-B97E-45D2-A262-DE8B3DA9498D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2178555272-1815042791-136943586-1001
Task: {DDED528F-F43C-4667-BB63-A1E95547F1C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E8ADC78E-B21E-4E2B-913B-EC9D984524AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {F1990D08-226D-494E-93DC-396EFDA77788} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {F75EF8F4-EFEB-4880-994A-CF56EB2AE5B4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2010-11-18 21:18 - 2010-11-18 21:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2014-08-28 12:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-28 12:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-28 12:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-25 12:44 - 2016-03-03 10:21 - 00791392 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\nsmmc.dll
2016-04-12 14:01 - 2016-03-03 10:17 - 00791392 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\communication.dll
2016-04-12 14:01 - 2016-03-03 10:17 - 00183136 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\npsp1.dll
2016-04-12 14:01 - 2016-03-03 10:17 - 00252256 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\npwmi.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7867 more sites.
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\123simsen.com -> www.123simsen.com
There are 7867 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2017-07-05 17:00 - 00450892 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123moviedownload.com
There are 15464 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\breakmydreams\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NielsenOnline => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A75294BF-6D28-4190-9F30-9486B0656966}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D09F841C-3ED7-4C01-9C4F-C0D9B114F558}] => (Allow) LPort=2869
FirewallRules: [{43FD5422-C754-41E9-80F0-F7306695CD76}] => (Allow) LPort=1900
FirewallRules: [{18E36171-96E6-486F-BF4E-777316285C52}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3C8ED9E3-A07F-4BF8-8452-E16E2B3ACD0F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{6456AFDB-4290-4254-8265-5B7759FCC094}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{159DAE23-93B7-410E-A322-317D0060FE5C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E3C3F4D8-65CE-49C2-8BCE-51E1AB67B982}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A5323A45-B96A-4E79-9667-8D8E2F5DFF3B}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{7D09C87E-E4B8-4E27-879A-565DB476E2E3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{D71C8364-87C2-4051-936D-299C4F19C286}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{8340C004-18D4-4414-9871-A8E2461939E4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{ABC655AB-D160-4C23-ADDF-55490663256E}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3EF08668-23E2-4589-BF2C-D3A2774F148B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{047506A7-3849-43A2-98DB-DCA89A4B869C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{96CA532F-0995-45F5-9146-9FA7928B306D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{22725756-734A-42F8-A2B5-F8B334137F86}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B4718761-2FEF-4F5B-A509-87E28D5F34AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FireflyOnlineCortex\FireflyCortex.exe
FirewallRules: [{B339AB6A-D974-436D-888D-CA4C20858653}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FireflyOnlineCortex\FireflyCortex.exe
FirewallRules: [{2948D0D1-E136-4C8C-93EC-AC2D08F68D27}] => (Allow) C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\SkypeWebPlugin.exe
FirewallRules: [{C0346D53-A8EB-488E-8E18-CB03FFCC398D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{69D0E40F-921E-4A8F-9289-01EA93643109}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{32C20140-73F5-4B24-ACDA-54BC15922DAC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{E0906B54-0810-4D99-97D2-678A2660D0D7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{4D261E4E-7B4A-4DA3-AFB0-9C3478BF20C7}C:\program files (x86)\ispq videochat 9\ispqvideochat9.exe] => (Allow) C:\program files (x86)\ispq videochat 9\ispqvideochat9.exe
FirewallRules: [UDP Query User{240E493B-02FE-4E26-A384-0208F12257A3}C:\program files (x86)\ispq videochat 9\ispqvideochat9.exe] => (Allow) C:\program files (x86)\ispq videochat 9\ispqvideochat9.exe
FirewallRules: [{CEC0EF4E-9A9D-4B3C-9BBE-7F1A1F0CBD83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90496004-87A5-4CDE-9461-1399B6C75B1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CAE4574-7455-4622-87C5-3527869C3070}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{AB37E0E9-2CF2-45B6-A0A0-8133C9C9EB1B}] => (Allow) LPort=5357
FirewallRules: [{1336BF40-D205-4F7B-864D-9C0CBEC771DA}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B3706DC5-81DF-4DBB-85BD-821A48579443}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{69434080-33AD-48C3-ACB3-46273988541A}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{D605537C-F814-4A99-8852-857901CE69A6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{228FDAD0-749B-403F-B40A-AF76BCD044EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
07-05-2016 08:30:18 Windows Update
07-05-2016 17:59:52 Windows Update
09-05-2016 23:03:06 Removed iSpQ VideoChat 9
09-05-2016 23:25:53 Windows Update
31-12-2016 13:40:38 Windows Backup
01-01-2017 23:28:28 Restore Operation
05-07-2017 18:26:42 Windows Update
06-07-2017 13:36:24 Restore Point Created by FRST
07-07-2017 16:20:11 Windows Update
10-07-2017 17:02:10 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/13/2017 02:21:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (07/13/2017 02:21:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (07/13/2017 02:19:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (07/13/2017 02:19:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (07/12/2017 07:34:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (07/12/2017 07:34:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (07/12/2017 07:23:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (07/12/2017 07:23:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (07/12/2017 01:49:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (07/12/2017 01:49:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
System errors:
=============
Error: (07/12/2017 07:33:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} did not register with DCOM within the required timeout.
Error: (07/12/2017 07:32:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 117.2.0.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: Network Inspection System
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 2.1.13804.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (07/12/2017 07:32:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.247.516.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.13903.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (07/12/2017 07:32:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.247.516.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.13903.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (07/12/2017 07:32:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.247.516.0
Update Source: Microsoft Update Server
Update Stage: Search
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.13903.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error: (07/12/2017 07:29:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 117.2.0.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: Network Inspection System
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 2.1.13804.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (07/12/2017 07:29:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.247.516.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.13903.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (07/12/2017 07:29:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.247.516.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.13903.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (07/12/2017 07:29:48 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.247.516.0
Update Source: Microsoft Update Server
Update Stage: Search
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.13903.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error: (07/12/2017 02:05:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 117.2.0.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: Network Inspection System
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 2.1.13804.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
==================== Memory info ===========================
Processor: AMD E-300 APU with Radeon HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 2662.87 MB
Available physical RAM: 1559.72 MB
Total Virtual: 5323.92 MB
Available Virtual: 3781.27 MB
==================== Drives ================================
Drive c: (TI106302W0C) (Fixed) (Total:282.92 GB) (Free:126.11 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 20C94C86)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)
==================== End of Addition.txt ============================